Commit d7008980 authored by haemmer

Merged fix for cross-site scripting vulnerability found in <= 1.12.1

Merged fix for "Remember Session" checkbox
parent 006371fd
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
/* /*
****************************************************************************** ******************************************************************************
SWITCH PHP WAYF, SWITCH PHP WAYF,
Copyright 2010 SWITCH - Serving Swiss Universities Copyright 2009 SWITCH - Serving Swiss Universities
Version: 1.12.1 Version: 1.13
Contact: aai@switch.ch Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf Web site: http://www.switch.ch/aai/wayf
****************************************************************************** ******************************************************************************
...@@ -147,19 +147,19 @@ if (isset($_POST['permanent']) ...@@ -147,19 +147,19 @@ if (isset($_POST['permanent'])
setcookie ($redirectCookieName, $_POST['user_idp'], time() + (100*24*3600), '/', $commonDomain, false); setcookie ($redirectCookieName, $_POST['user_idp'], time() + (100*24*3600), '/', $commonDomain, false);
} }
} elseif ( } elseif (
isset($_POST['session']) isset($_POST['user_idp'])
&& isset($_POST['user_idp'])
&& checkIDP($_POST['user_idp']) && checkIDP($_POST['user_idp'])
){ ){
// Set redirection cookie and redirection state cookie
setcookie ($redirectCookieName, $_POST['user_idp'], null, '/', $commonDomain, false); if (isset($_POST['session'])){
setcookie ($redirectStateCookieName, 'checked', time() + (100*24*3600), '/', $commonDomain, false); // Set redirection cookie and redirection state cookie
} else { setcookie ($redirectCookieName, $_POST['user_idp'], null, '/', $commonDomain, false);
// Delete cookie for session checkbox setcookie ($redirectStateCookieName, 'checked', time() + (100*24*3600), '/', $commonDomain, false);
setcookie ($redirectStateCookieName, 'checked', time() - 3600, '/', $commonDomain, false); } else {
setcookie ($redirectStateCookieName, 'checked', time() - 3600, '/', $commonDomain, false);
}
} }
/*------------------------------------------------*/ /*------------------------------------------------*/
// Redirecting user // Redirecting user
/*------------------------------------------------*/ /*------------------------------------------------*/
...@@ -442,7 +442,7 @@ if ( ...@@ -442,7 +442,7 @@ if (
$invalidstring = preg_replace('/&/',"&\n",$invalidstring); $invalidstring = preg_replace('/&/',"&\n",$invalidstring);
if ($invalidstring == '') if ($invalidstring == '')
$invalidstring = getLocalString('no_arguments'); $invalidstring = getLocalString('no_arguments');
$message = getLocalString('arguments_missing') . '<pre><code>'.$invalidstring.'</code></pre></p> $message = getLocalString('arguments_missing') . '<pre><code>'.htmlentities($invalidstring).'</code></pre></p>
<p>'. getLocalString('valid_request_description'); <p>'. getLocalString('valid_request_description');
printError($message); printError($message);
exit; exit;
...@@ -456,7 +456,7 @@ if ( ...@@ -456,7 +456,7 @@ if (
$invalidstring = preg_replace('/&/',"&\n",$invalidstring); $invalidstring = preg_replace('/&/',"&\n",$invalidstring);
if ($invalidstring == '') if ($invalidstring == '')
$invalidstring = getLocalString('no_arguments'); $invalidstring = getLocalString('no_arguments');
$message = getLocalString('arguments_missing') . '<pre><code>'.$invalidstring.'</code></pre></p> $message = getLocalString('arguments_missing') . '<pre><code>'.htmlentities($invalidstring).'</code></pre></p>
<p>'. getLocalString('valid_saml2_request_description'); <p>'. getLocalString('valid_saml2_request_description');
printError($message); printError($message);
exit; exit;
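Review bot: The escaping added in the hunks at 442 and 456 calls `htmlentities($invalidstring)` with no flags and no charset, so its output depends on the PHP default charset (ISO-8859-1 on older releases, UTF-8 from 5.4), which can mangle non-ASCII request parameters and, on newer PHP, return an empty string for byte sequences invalid in that charset; inside `<pre><code>` the missing ENT_QUOTES is harmless for text content, but the charset should be pinned. Suggest `'<pre><code>'.htmlspecialchars($invalidstring, ENT_QUOTES, 'UTF-8').'</code></pre></p>` on both lines, since htmlentities gains nothing over htmlspecialchars here. Where `$invalidstring` is built from the request and which other printError() call sites interpolate request data are outside these hunks, so presumably the same treatment is needed wherever a request-derived value reaches the error page; the enclosing `if` blocks start outside the hunks.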