author | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-03-03 12:00:41 +0100 |
---|---|---|
committer | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-03-03 12:00:41 +0100 |
commit | 9635fc06b5158d39bfd9c5e068c5d756207eb5ca (patch) | |
tree | 37ffa562d1bf5691b8001db5c3634bcb0726024c /lib | |
parent | cbd20f6dfeed607b7b3e3165a42c0826ffc73915 (diff) | |
Bugfix: there are a couple of places in SimpleSAML\Utils\HTTP where we should use the host AND port if the latter is not the default one, but we are only using the host. This is the case when evaluating the 'trusted.url.domains' configuration option (we should allow the host and port we are reachable on, but not other ports on the same host) and in the method that returns the host with path, which should include the port if it is not the standard one (the documentation of the method already says so).
Diffstat (limited to 'lib')
-rw-r--r-- | lib/SimpleSAML/Utils/HTTP.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 00946fc..12809c7 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -323,7 +323,7 @@ class HTTP
 $hostname = $matches[1];
 // add self host to the white list
- $self_host = self::getSelfHost();
+ $self_host = self::getSelfHostWithNonStandardPort();
 $trustedSites[] = $self_host;
 // throw exception due to redirection to untrusted site
@@ -642,7 +642,7 @@ class HTTP
 $baseurl = explode("/", self::getBaseURL());
 $elements = array_slice($baseurl, 3 - count($baseurl), count($baseurl) - 4);
 $path = implode("/", $elements);
- return self::getSelfHost()."/".$path;
+ return self::getSelfHostWithNonStandardPort()."/".$path;
 } |
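Review bot: The port-aware `$self_host` entry in the first hunk only works as an allow-list item if `$hostname` is extracted from the URL in the same `host[:port]` form, and the pattern that fills `$matches[1]` is outside this hunk, so that needs confirming. If `$hostname` is host-only, a deployment on a non-standard port would now reject redirects to its own URLs. If it keeps the port verbatim, a URL that spells out the default port will not match the bare host entry, and differences in letter case would have the same effect. I would normalise both sides the same way before the comparison (lower-case, default port dropped) and document it next to the list, e.g. `// entries are compared as host[:port]; the default port is omitted`. The enclosing method starts and ends outside the hunk.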
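Review bot: The return value in the second hunk now carries `:port` on non-standard ports, so any caller that compares it against a configured host string will see a different value than before. The callers are not visible here, so this is worth checking before release. A unit test that pins both cases (default port gives `host/path`, non-standard port gives `host:port/path`) would keep the documented contract and the behaviour from drifting apart again. The function's signature and docblock are outside the hunk.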