Commit 1ee208fd authored by haemmer

Fixed URL composing bug mentioned in #975

parent 0e9b839f
...@@ -416,7 +416,9 @@ Version History: ...@@ -416,7 +416,9 @@ Version History:
- Focus on submit button works better with different browsers - Focus on submit button works better with different browsers
- Invalid values for width and height are now defaulted to auto for - Invalid values for width and height are now defaulted to auto for
Embedded WAYF Embedded WAYF
- Fixed a Discovery Service bug that resulted in a wrong return URL to
the Service Provider. Reported by Tom Scavo
1.14.3 Release date: 4. March 2011 1.14.3 Release date: 4. March 2011
- Fixed a race condition. Thanks go to Robert Basch from MIT for - Fixed a race condition. Thanks go to Robert Basch from MIT for
reporting the issue and providing a patch. reporting the issue and providing a patch.
......
...@@ -71,7 +71,7 @@ foreach ($IDProviders as $key => $values){ ...@@ -71,7 +71,7 @@ foreach ($IDProviders as $key => $values){
// This is for back-wards compatibility with very old versions of the WAYF // This is for back-wards compatibility with very old versions of the WAYF
if (isset($_GET['getArguments']) && isset($_GET['origin']) && isset($_GET['redirect'])){ if (isset($_GET['getArguments']) && isset($_GET['origin']) && isset($_GET['redirect'])){
header('Location: '.$_SERVER['PHP_SELF'].'/redirect/'.$_GET['origin'].'?'.$_GET['getArguments']); redirectTo($_SERVER['PHP_SELF'].'/redirect/'.$_GET['origin'].'?'.$_GET['getArguments']);
exit; exit;
} }
...@@ -125,9 +125,9 @@ if (isRequestType('deleteSettings')){ ...@@ -125,9 +125,9 @@ if (isRequestType('deleteSettings')){
} }
if (isset($_GET['return'])){ if (isset($_GET['return'])){
header('Location: '.$_GET['return']); redirectTo($_GET['return']);
} else { } else {
header('Location: '.$_SERVER['SCRIPT_NAME']); redirectTo($_SERVER['SCRIPT_NAME']);
} }
exit; exit;
} }
...@@ -136,7 +136,7 @@ if (isRequestType('deleteSettings')){ ...@@ -136,7 +136,7 @@ if (isRequestType('deleteSettings')){
// Delete permanent cookie // Delete permanent cookie
if (isset($_POST['clear_user_idp'])){ if (isset($_POST['clear_user_idp'])){
setcookie ($redirectCookieName, '', time() - 3600, '/', $commonDomain, false); setcookie ($redirectCookieName, '', time() - 3600, '/', $commonDomain, false);
header('Location: ?'.$_SERVER['QUERY_STRING']); redirectTo('?'.$_SERVER['QUERY_STRING']);
exit; exit;
} }
...@@ -212,16 +212,16 @@ if ( ...@@ -212,16 +212,16 @@ if (
if (isset($IDProviders[$cookieIdP]['Type']) && $IDProviders[$cookieIdP]['Type'] == 'wayf'){ if (isset($IDProviders[$cookieIdP]['Type']) && $IDProviders[$cookieIdP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request // Send user to cascaded WAYF with same request
header('Location: '.$IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
} elseif (isValidDSRequest()){ } elseif (isValidDSRequest()){
header('Location: '.$_GET['return'].'&'.getReturnIDParam().'='.urlencode($cookieIdP)); redirectToSP($_GET['return'], $cookieIdP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Cookie', $_GET['return'], $cookieIdP); logAccessEntry('DS', 'Cookie', $_GET['return'], $cookieIdP);
} else { } else {
header('Location: '.$IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$cookieIdP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Cookie', $_GET['shire'], $cookieIdP); logAccessEntry('WAYF', 'Cookie', $_GET['shire'], $cookieIdP);
...@@ -244,15 +244,15 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) { ...@@ -244,15 +244,15 @@ if ($useKerberos && isset($_SERVER['REMOTE_USER'])) {
if (isset($IDProviders[$kerberosIDP]['Type']) && $IDProviders[$kerberosIDP]['Type'] == 'wayf'){ if (isset($IDProviders[$kerberosIDP]['Type']) && $IDProviders[$kerberosIDP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request // Send user to cascaded WAYF with same request
header('Location: '.$IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
} elseif (isValidDSRequest()){ } elseif (isValidDSRequest()){
header('Location: '.$_GET['return'].'&'.getReturnIDParam().'='.urlencode($kerberosIDP)); redirectToSP($_GET['return'], $kerberosIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Kerberos', $_GET['return'], $kerberosIDP); logAccessEntry('DS', 'Kerberos', $_GET['return'], $kerberosIDP);
} else { } else {
header('Location: '.$IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$kerberosIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Kerberos', $_GET['shire'], $kerberosIDP); logAccessEntry('WAYF', 'Kerberos', $_GET['shire'], $kerberosIDP);
...@@ -272,7 +272,7 @@ if ($useKerberos && !isset($kerberosRealm)) { ...@@ -272,7 +272,7 @@ if ($useKerberos && !isset($kerberosRealm)) {
// redirect to the soft link (that points back to this script) // redirect to the soft link (that points back to this script)
// which is protected by mod_auth_kerb. // which is protected by mod_auth_kerb.
$url = $kerberosRedirectURL."?".$_SERVER['QUERY_STRING']; $url = $kerberosRedirectURL."?".$_SERVER['QUERY_STRING'];
header("Location: $url"); redirectTo($url);
exit(); exit();
} }
} }
...@@ -292,7 +292,7 @@ if ( ...@@ -292,7 +292,7 @@ if (
&& isset($_GET['origin']) && isset($_GET['origin'])
&& checkIDP($_GET['origin']) && checkIDP($_GET['origin'])
){ ){
header('Location: '.$IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$_GET['origin']]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Old-Request', $_GET['shire'], $_GET['origin']); logAccessEntry('WAYF', 'Old-Request', $_GET['shire'], $_GET['origin']);
...@@ -306,7 +306,7 @@ if ($hintedPathIDP != '-'){ ...@@ -306,7 +306,7 @@ if ($hintedPathIDP != '-'){
if (isset($IDProviders[$hintedPathIDP]['Type']) && $IDProviders[$hintedPathIDP]['Type'] == 'wayf'){ if (isset($IDProviders[$hintedPathIDP]['Type']) && $IDProviders[$hintedPathIDP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request // Send user to cascaded WAYF with same request
header('Location: '.$IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
exit; exit;
} elseif ( checkPathInfo('redirect') ){ } elseif ( checkPathInfo('redirect') ){
...@@ -315,13 +315,13 @@ if ($hintedPathIDP != '-'){ ...@@ -315,13 +315,13 @@ if ($hintedPathIDP != '-'){
// Determine if DS or WAYF request // Determine if DS or WAYF request
if (isValidDSRequest()){ if (isValidDSRequest()){
header('Location: '.$_GET['return'].'&'.getReturnIDParam().'='.urlencode($hintedPathIDP)); redirectToSP($_GET['return'], $hintedPathIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Path', $_GET['return'], $hintedPathIDP); logAccessEntry('DS', 'Path', $_GET['return'], $hintedPathIDP);
} else { } else {
header('Location: '.$IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$hintedPathIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
logAccessEntry('WAYF', 'Path', $_GET['shire'], $hintedPathIDP); logAccessEntry('WAYF', 'Path', $_GET['shire'], $hintedPathIDP);
...@@ -345,10 +345,10 @@ if ( ...@@ -345,10 +345,10 @@ if (
if (isset($IDProviders[$selectedIDP]['Type']) && $IDProviders[$selectedIDP]['Type'] == 'wayf'){ if (isset($IDProviders[$selectedIDP]['Type']) && $IDProviders[$selectedIDP]['Type'] == 'wayf'){
// Send user to cascaded WAYF with same request // Send user to cascaded WAYF with same request
header('Location: '.$IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
} else if (isValidDSRequest()){ } else if (isValidDSRequest()){
header('Location: '.$_GET['return'].'&'.getReturnIDParam().'='.urlencode($selectedIDP)); redirectToSP($_GET['return'], $selectedIDP);
// Create log entry // Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){ if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
...@@ -358,7 +358,7 @@ if ( ...@@ -358,7 +358,7 @@ if (
} }
} else { } else {
header('Location: '.$IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']); redirectTo($IDProviders[$selectedIDP]['SSO'].'?'.$_SERVER['QUERY_STRING']);
// Create log entry // Create log entry
if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){ if (isset($_POST['request_type']) && $_POST['request_type'] == 'embedded'){
...@@ -450,14 +450,14 @@ if ( ...@@ -450,14 +450,14 @@ if (
// Only return user with returnIDParam to SP if IdP could be guessed // Only return user with returnIDParam to SP if IdP could be guessed
if ($selectedIDP == '-' || $selectedIDP == ''){ if ($selectedIDP == '-' || $selectedIDP == ''){
header('Location: '.$_GET['return']); redirectTo($_GET['return']);
// Create log entry // Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], '-'); logAccessEntry('DS', 'Passive', $_GET['return'], '-');
} else { } else {
header('Location: '.$_GET['return'].'&'.getReturnIDParam().'='.urlencode($selectedIDP)); redirectToSP($_GET['return'], $selectedIDP);
// Create log entry // Create log entry
logAccessEntry('DS', 'Passive', $_GET['return'], $selectedIDP); logAccessEntry('DS', 'Passive', $_GET['return'], $selectedIDP);
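Review bot: In the deleteSettings hunk the new `redirectTo($_GET['return']);` still sends the browser to whatever the `return` query parameter holds, and no `isValidDSRequest()` check is visible around it, so unless the value is validated earlier this branch works as an open redirect. The other redirects built from `$_GET['return']` in this file sit behind `isValidDSRequest()`, or in the passive case behind a condition that begins outside the hunk. I would guard this one the same way, for example `if (isset($_GET['return']) && isValidDSRequest()){`, or with an equivalent check of the return URL, and otherwise fall through to the existing `redirectTo($_SERVER['SCRIPT_NAME']);`. The enclosing `if (isRequestType('deleteSettings'))` block starts outside the hunk, so an earlier check may exist that is not visible here.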
......
...@@ -531,6 +531,21 @@ function isValidDSRequest(){ ...@@ -531,6 +531,21 @@ function isValidDSRequest(){
} }
} }
/******************************************************************************/
// Sets the Location header to redirect the user's web browser
function redirectTo($url){
header('Location: '.$url);
}
/******************************************************************************/
// Sets the Location that is used for redirect the web browser back to the SP
function redirectToSP($url, $IdP){
if (preg_match('/\?/', $url) > 0){
redirectTo($url.'&'.getReturnIDParam().'='.urlencode($IdP));
} else {
redirectTo($url.'?'.getReturnIDParam().'='.urlencode($IdP));
}
}
/******************************************************************************/ /******************************************************************************/
// Returns true if valid Directory Service request // Returns true if valid Directory Service request
function logAccessEntry($protocol, $type, $sp, $idp){ function logAccessEntry($protocol, $type, $sp, $idp){
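Review bot: `redirectToSP()` appends the IdP parameter to `$url` without inspecting it, so it relies on every caller having validated `$_GET['return']` first, and nothing in the function states that precondition. I would add a header comment such as `// $url must already have been accepted by isValidDSRequest(); no validation is done here`. A return URL carrying a `#fragment` would also get the parameter appended after the fragment, where the Service Provider never receives it; whether such a URL can reach this function depends on validation outside this hunk. As a style point, the separator test needs no regex: `if (strpos($url, '?') !== false){` does the same job.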
......