author | Jaime Pérez <jaime.perez@uninett.no> | 2016-08-22 15:07:01 +0200 |
---|---|---|
committer | Jaime Pérez <jaime.perez@uninett.no> | 2016-08-22 16:54:48 +0200 |
commit | 2155d1ecd3681f3380bb31f8149264975858e83d (patch) | |
tree | 5a577ecd56885d2ff730f75f93a3e5d632966702 /tests/lib/SimpleSAML | |
parent | e20a75b3dab280fbfa0403d9c8f0ba3dab03f3d6 (diff) | |
bugfix: Do not try to apply SSP's base URL if REQUEST_URI does not match.
It is possible that the current script ($_SERVER['SCRIPT_FILENAME']) is inside SimpleSAMLphp's 'www' directory. However, even if that's the case, we should not enforce our base URL (as set in the 'baseurlpath' configuration option) if the request URI ($_SERVER['REQUEST_URI']) does not contain the relative path to the script. This is the case with AuthMemCookie, for example, where accessing a random URL protected by Apache leads to the execution of a SimpleSAMLphp script, where SimpleSAML\Utils\HTTP::getSelfURL() must not try to be smart when guessing the current URL.
Diffstat (limited to 'tests/lib/SimpleSAML')
-rw-r--r-- | tests/lib/SimpleSAML/Utils/HTTPTest.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/tests/lib/SimpleSAML/Utils/HTTPTest.php b/tests/lib/SimpleSAML/Utils/HTTPTest.php
index b6bfb6b..4fd540c 100644
--- a/tests/lib/SimpleSAML/Utils/HTTPTest.php
+++ b/tests/lib/SimpleSAML/Utils/HTTPTest.php
@@ -189,12 +189,24 @@ class HTTPTest extends \PHPUnit_Framework_TestCase
 $this->assertTrue(HTTP::isHTTPS());
 $this->assertEquals('https://'.HTTP::getSelfHostWithNonStandardPort(), HTTP::getSelfURLHost());
- // test a valid, full URL, based on a full URL in the configuration
+ // test a request URI that doesn't match the current script
 $cfg = \SimpleSAML_Configuration::loadFromArray(array(
- 'baseurlpath' => 'https://example.com/simplesaml/',
+ 'baseurlpath' => 'https://example.org/simplesaml/',
 ), '[ARRAY]', 'simplesaml');
 $baseDir = $cfg->getBaseDir();
 $_SERVER['SCRIPT_FILENAME'] = $baseDir.'www/module.php';
+ $this->setupEnvFromURL('http://www.example.com/protected/resource.asp?foo=bar');
+ $this->assertEquals('http://www.example.com/protected/resource.asp?foo=bar', HTTP::getSelfURL());
+ $this->assertEquals('http://www.example.com', HTTP::getSelfURLHost());
+ $this->assertEquals('http://www.example.com/protected/resource.asp', HTTP::getSelfURLNoQuery());
+ $this->assertFalse(HTTP::isHTTPS());
+ $this->assertEquals('example.org', HTTP::getSelfHostWithNonStandardPort());
+ $this->assertEquals('http://www.example.com', HTTP::getSelfURLHost());
+
+ // test a valid, full URL, based on a full URL in the configuration
+ \SimpleSAML_Configuration::loadFromArray(array(
+ 'baseurlpath' => 'https://example.com/simplesaml/',
+ ), '[ARRAY]', 'simplesaml');
 $this->setupEnvFromURL('http://www.example.org/module.php/module/file.php?foo=bar');
 $this->assertEquals(
 'https://example.com/simplesaml/module.php/module/file.php?foo=bar', |
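Review bot: In the new "request URI that doesn't match the current script" case the assertions pin two different hosts for the same request: `HTTP::getSelfHostWithNonStandardPort()` is expected to return `example.org` (the configured `baseurlpath` host) while `HTTP::getSelfURL()`, `HTTP::getSelfURLHost()` and `HTTP::getSelfURLNoQuery()` return the request's `www.example.com`, and nothing says whether that split is intended. If it is, a comment such as `// host helper still follows baseurlpath; only the getSelfURL*() family falls back to the request` would keep a later reader from "correcting" it, and the second `assertEquals('http://www.example.com', HTTP::getSelfURLHost())` repeats the earlier one and can be dropped. Because the fallback value presumably comes from request-supplied server variables (`setupEnvFromURL()` is not visible in this hunk), it would also be worth adding a near-miss case in which the script's relative path appears only in the query string, so that the match decision is pinned for more than an unrelated path. The test method starts and ends outside the hunk.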