Renamed favourite_idp setting to most-used favourite_idp setting on suggestion of UniBE

README

@@ -2,7 +2,7 @@ SWITCH WAYF
 -------------------------------------------------------------------------------
 Copyright 2010 SWITCH - Serving Swiss Universities
 Contact: aai@switch.ch or go to http://www.switch.ch/aai/wayf
-
+Version: See head of file 'WAYF' in the same directory
 -------------------------------------------------------------------------------
 
 Description:
@@ -64,7 +64,20 @@ or for PHP5
 </Location>
 --
 
-If you use Apache 1.3, you may have to rename the file 'WAYF' to 'WAYF.php' or 
+In some clustered environments with FastCGI it may be necessary to use something
+like
+
+--
+Options +FollowSymLinks
+
+<IfModule mod_rewrite.c>
+  RewriteEngine On
+  RewriteRule ^WAYF/(.*)$ WAYF.php/$1 [QSA,L]
+  RewriteRule ^WAYF$ WAYF.php [QSA,L]
+</IfModule>
+--
+
+You also could rename the file 'WAYF' to 'WAYF.php' or 
 make a directory called 'WAYF', rename WAYF to 'index.php' and put it in that 
 directory.
 
@@ -243,9 +256,15 @@ flexible when it comes to ordering the category and IdP entries.
 
 Changes:
 1.13   - Added Favourite IdPs to Embedded WAYF
-1.12.3 - Fixed an error in function appendValueToIdPArray
+       - Fixed Remember Selection preference
+1.12.2 - Fixed a XSS security vulnerability
+       - Fixed an error in function appendValueToIdPArray
          Thanks to Martins Purins from Latvijas Universitates for reporting this
-1.12.2 - Fixed inconsistency in default Embedded WAYF snippet
+       - Improved description for setting PHP handler on WAYF script. 
+       - Removed newly introduced PHP short tag in default-body.php
+       - Fixed inconsistency in default Embedded WAYF snippet
+         Thanks to Huân Thebault from Centre de Calcul de l'IN2P3 for 
+         reporting most of the above issues
 1.12.1 - Fixed a bug in the the getToplevelDomain function. 
          Thanks to Olivier Salaün. 
 1.12   - Added code contributions from CRU. Thanks to Olivier Salaün and co.

default-body.php

@@ -13,9 +13,9 @@
 		<input type="submit" name="Select" accesskey="s" tabindex="10" value="<?php echo getLocalString('select_button') ?>" > 
 	</p>
 	<p>
-		<input tabindex="8" type="checkbox" <?php $rememberSelectionChecked ?> name="session" value="true">
+		<input tabindex="8" type="checkbox" <?php echo $rememberSelectionChecked ?> name="session" value="true">
 		<span class="warning"><?php echo getLocalString('remember_selection') ?></span><br>
-		<?if ($showPermanentSetting) : ?>
+		<?php if ($showPermanentSetting) : ?>
 		<!-- Value permanent must be a number which is equivalent to the days the cookie shall be valid -->
 		<input type="checkbox" tabindex="9" name="permanent" value="100">
 		<span class="warning"><?php echo getLocalString('permanently_remember_selection') ?></span>

default-embedded-wayf.php

@@ -82,10 +82,10 @@ var wayf_hide_after_login = true;
 var wayf_show_categories =  true;
 
 
-// Favourite Identity Providers will be shown as top category in the drop down
+// Most used Identity Providers will be shown as top category in the drop down
 // list if this feature is used.
 // [Optional, commented out by default]
-// var wayf_favourite_idps =  new Array("urn:mace:switch.ch:SWITCHaai:unibas.ch", "https://aai.unil.ch/idp/shibboleth");
+// var wayf_most_used_idps =  new Array("urn:mace:switch.ch:SWITCHaai:unibas.ch", "https://aai.unil.ch/idp/shibboleth");
 
 
 // Categories of Identity Provider that shall not be shown

functions.php

@@ -82,13 +82,14 @@ function checkIDP($IDP, $showError = true){
 	} elseif(!$showError){
 		return false;
 	} else {
-		$message = sprintf(getLocalString('invalid_user_idp'), $IDP)."</p><p>\n<tt>";
+		$message = sprintf(getLocalString('invalid_user_idp'), htmlentities($IDP))."</p><p>\n<tt>";
 					foreach ($IDProviders as $key => $value){
 						if (isset($value['SSO'])){
 							$message .= $key."<br>\n";
 						}
 					}
 		$message .= "</tt>\n";
+		
 		printError($message);
 		exit;
 	}

templates.php

@@ -223,7 +223,7 @@ function printEmbeddedWAYFScript(){
 	$loginString = addslashes(getLocalString('login'));
 	$selectIdPString = addslashes(getLocalString('select_idp'));
 	$otherFederationString = addslashes(getLocalString('other_federation'));
-	$favouritesString = addslashes(getLocalString('favourites'));
+	$mostUsedIdPsString = addslashes(getLocalString('most_used'));
 	
 	echo <<<SCRIPT
 
@@ -252,7 +252,7 @@ var wayf_hide_logo;
 var wayf_auto_login;
 var wayf_logged_in_messsage;
 var wayf_hide_after_login;
-var wayf_favourite_idps;
+var wayf_most_used_idps;
 var wayf_show_categories;
 var wayf_hide_categories;
 var wayf_hide_idps;
@@ -651,10 +651,10 @@ function decodeBase64(input) {
 	}
 	
 	if(
-		typeof(wayf_favourite_idps) == "undefined"
-		|| typeof(wayf_favourite_idps) != "object"
+		typeof(wayf_most_used_idps) == "undefined"
+		|| typeof(wayf_most_used_idps) != "object"
 		){
-		wayf_favourite_idps = new Array();
+		wayf_most_used_idps = new Array();
 	}
 	
 	if(
@@ -845,13 +845,13 @@ SCRIPT;
 		
 		
 		// Favourites
-		if (wayf_favourite_idps.length > 0){
-			writeHTML('<optgroup label="{$favouritesString}">');
+		if (wayf_most_used_idps.length > 0){
+			writeHTML('<optgroup label="{$mostUsedIdPsString}">');
 			
 			// Show additional IdPs in the order they are defined
-			for ( var i=0; i < wayf_favourite_idps.length; i++){
-				if (wayf_idps[wayf_favourite_idps[i]]){
-					writeHTML('<option value="' + wayf_favourite_idps[i] + '">' + wayf_idps[wayf_favourite_idps[i]].name + '</option>');
+			for ( var i=0; i < wayf_most_used_idps.length; i++){
+				if (wayf_idps[wayf_most_used_idps[i]]){
+					writeHTML('<option value="' + wayf_most_used_idps[i] + '">' + wayf_idps[wayf_most_used_idps[i]].name + '</option>');
 				}
 			}