4 files changed, 18 insertions, 14 deletions

diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php
index 2bc624d..3380840 100644
--- a/lib/SimpleSAML/Auth/ProcessingChain.php
+++ b/lib/SimpleSAML/Auth/ProcessingChain.php
@@ -306,7 +306,7 @@ class SimpleSAML_Auth_ProcessingChain {
 	 * SimpleSAML_Auth_ProcessingChain::AUTHPARAM request parameter. Please
 	 * make sure to sanitize it properly by calling the
 	 * SimpleSAML_Utilities::checkURLAllowed() function with the embedded
-	 * restart URL, if any. See also SimpleSAML_Utilities::getURLFromStateID().
+	 * restart URL, if any. See also SimpleSAML_Utilities::parseStateID().
 	 */
 	public static function fetchProcessedState($id) {
 		assert('is_string($id)');
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 0b74da2..ccea15f 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -211,10 +211,10 @@ class SimpleSAML_Auth_State {
 		assert('is_bool($allowMissing)');
 		SimpleSAML_Logger::debug('Loading state: ' . var_export($id, TRUE));
 
-		$restartURL = SimpleSAML_Utilities::getURLFromStateID($id);
+		$sid = SimpleSAML_Utilities::parseStateID($id);
 
 		$session = SimpleSAML_Session::getInstance();
-		$state = $session->getData('SimpleSAML_Auth_State', $id);
+		$state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
 
 		if ($state === NULL) {
 			/* Could not find saved data. */
@@ -222,11 +222,11 @@ class SimpleSAML_Auth_State {
 				return NULL;
 			}
 
-			if ($restartURL === NULL) {
+			if ($sid['url'] === NULL) {
 				throw new SimpleSAML_Error_NoState();
 			}
 
-			SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+			SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
 		}
 
 		$state = unserialize($state);
@@ -246,11 +246,11 @@ class SimpleSAML_Auth_State {
 
 			SimpleSAML_Logger::warning($msg);
 
-			if ($restartURL === NULL) {
+			if ($sid['url'] === NULL) {
 				throw new Exception($msg);
 			}
 
-			SimpleSAML_Utilities::redirectTrustedURL($restartURL);
+			SimpleSAML_Utilities::redirectTrustedURL($sid['url']);
 		}
 
 		return $state;
diff --git a/lib/SimpleSAML/IdP/LogoutTraditional.php b/lib/SimpleSAML/IdP/LogoutTraditional.php
index f9fa132..5f934cc 100644
--- a/lib/SimpleSAML/IdP/LogoutTraditional.php
+++ b/lib/SimpleSAML/IdP/LogoutTraditional.php
@@ -77,9 +77,9 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
 		}
 
 		// sanitize the input
-		$restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState);
-		if (!is_null($restartURL)) {
-			SimpleSAML_Utilities::checkURLAllowed($restartURL);
+		$sid = SimpleSAML_Utilities::parseStateID($relayState);
+		if (!is_null($sid['url'])) {
+			SimpleSAML_Utilities::checkURLAllowed($sid['url']);
 		}
 
 		$state = SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 096b52b..cc42bfc 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -345,19 +345,23 @@ class SimpleSAML_Utilities {
 
 
 	/**
-	 * Get a URL embedded in a StateID, in the form 'id:url'.
+	 * Get the ID and (optionally) a URL embedded in a StateID,
+	 * in the form 'id:url'.
 	 *
 	 * @param string $stateId The state ID to use.
-	 * @return string The embedded URL if found, NULL otherwise.
+	 * @return array A hashed array with the ID and the URL (if any),
+	 * in the 'id' and 'url' keys, respectively. If there's no URL
+	 * in the input parameter, NULL will be returned as the value for
+	 * the 'url' key.
 	 */
-	public static function getURLFromStateID($stateId) {
+	public static function parseStateID($stateId) {
 		$tmp = explode(':', $stateId, 2);
 		$id = $tmp[0];
 		$url = NULL;
 		if (count($tmp) === 2) {
 			$url = $tmp[1];
 		}
-		return $url;
+		return array('id' => $id, 'url' => $url);
 	}