author | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2014-01-24 16:36:54 +0000 |
---|---|---|
committer | Jaime Pérez Crespo <jaime.perez@uninett.no> | 2014-01-24 16:36:54 +0000 |
commit | 57acd8378e263f6abd41a427f01fdcada0391a20 (patch) | |
tree | 1e4573af30e5c6250fc99697664f6bf3e16081c3 /modules/exampleauth/lib | |
parent | c21dc1ba0d1073de8f0ed1779f626ee8b132c9f7 (diff) | |
Followup on previous commits. Use redirectUntrustedURL() as a shortcut, and let everything else make use of redirectTrustedURL(). Move the responsibility to check the input out of the library, to the places where URLs are grabbed from input parameters.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3332 44740490-163a-0410-bde0-09ae8108e29a
Diffstat (limited to 'modules/exampleauth/lib')
-rw-r--r-- | modules/exampleauth/lib/Auth/Source/External.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index d3b16f0..282c6a4 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -186,6 +186,12 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
 }
 $stateId = (string)$_REQUEST['State'];
+ // sanitize the input
+ $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
+ if (!is_null($restartURL)) {
+ SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ }
+
 /*
 * Once again, note the second parameter to the loadState function. This must
 * match the string we used in the saveState-call above. |
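Review bot: The comment `// sanitize the input` undersells what the added lines are for, and because this file is the example that custom authentication sources are modelled on, the reason should be spelled out. Nothing here sanitizes anything: the code appears to validate the restart URL embedded in the request-supplied `State` value before the state is loaded, so I would replace the comment with `// The state ID comes from the request and may embed a restart URL; refuse it unless it is an allowed redirect target.` The return value of `checkURLAllowed()` is discarded, so the guard only works if that method throws on a disallowed URL; its definition is not in this hunk, so that is worth confirming and stating in the comment. The enclosing method starts and ends outside the hunk.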