9 files changed, 125 insertions, 30 deletions

diff --git a/lib/SimpleSAML/AuthMemCookie.php b/lib/SimpleSAML/AuthMemCookie.php
index ab69515..ef8a077 100644
--- a/lib/SimpleSAML/AuthMemCookie.php
+++ b/lib/SimpleSAML/AuthMemCookie.php
@@ -145,8 +145,7 @@ class SimpleSAML_AuthMemCookie
         $memcache->delete($sessionID);
 
         // delete the session cookie
-        $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
-        $sessionHandler->setCookie($cookieName, null);
+        \SimpleSAML\Utils\HTTP::setCookie($cookieName, null);
     }
 
 
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 61f5209..22ca6ad 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -412,7 +412,7 @@ class SimpleSAML_Configuration
 
 
     /**
-     * Check whether an key in the configuration exists.
+     * Check whether a key in the configuration exists or not.
      *
      * @param string $name The key in the configuration to look for.
      *
@@ -797,7 +797,7 @@ class SimpleSAML_Configuration
      *                  isn't given, the option will be considered to be mandatory. The default value can be
      *                  any value, including null.
      *
-     * @return mixed The option with the given name, or $default if the option isn't found adn $default is given.
+     * @return mixed The option with the given name, or $default if the option isn't found and $default is given.
      *
      * @throws Exception If the option does not have any of the allowed values.
      */
diff --git a/lib/SimpleSAML/Error/Exception.php b/lib/SimpleSAML/Error/Exception.php
index bd54a9a..2227d52 100644
--- a/lib/SimpleSAML/Error/Exception.php
+++ b/lib/SimpleSAML/Error/Exception.php
@@ -196,15 +196,32 @@ class SimpleSAML_Error_Exception extends Exception
     /**
      * Print the backtrace to the log if the 'debug' option is enabled in the configuration.
      */
-    protected function logBacktrace()
+    protected function logBacktrace($level = \SimpleSAML\Logger::DEBUG)
     {
-        if (!SimpleSAML_Configuration::getInstance()->getBoolean('debug', false)) {
+        // see if debugging is enabled for backtraces
+        $debug = SimpleSAML_Configuration::getInstance()->getArrayize('debug', array('backtraces' => false));
+
+        if (!(in_array('backtraces', $debug, true) // implicitly enabled
+              || (array_key_exists('backtraces', $debug) && $debug['backtraces'] === true) // explicitly set
+              // TODO: deprecate the old style and remove it in 2.0
+              || (array_key_exists(0, $debug) && $debug[0] === true) // old style 'debug' configuration option
+        )) {
             return;
         }
 
         $backtrace = $this->formatBacktrace();
+
+        $callback = array('\SimpleSAML\Logger');
+        $functions = array(
+            \SimpleSAML\Logger::ERR     => 'error',
+            \SimpleSAML\Logger::WARNING => 'warning',
+            \SimpleSAML\Logger::INFO    => 'info',
+            \SimpleSAML\Logger::DEBUG   => 'debug',
+        );
+        $callback[] = $functions[$level];
+
         foreach ($backtrace as $line) {
-            SimpleSAML\Logger::debug($line);
+            call_user_func($callback, $line);
         }
     }
 
@@ -224,7 +241,7 @@ class SimpleSAML_Error_Exception extends Exception
             SimpleSAML\Logger::INFO    => 'logInfo',
             SimpleSAML\Logger::DEBUG   => 'logDebug',
         );
-        call_user_func(array($this, $fn[$default_level]));
+        call_user_func(array($this, $fn[$default_level]), $default_level);
     }
 
 
@@ -236,7 +253,7 @@ class SimpleSAML_Error_Exception extends Exception
     public function logError()
     {
         SimpleSAML\Logger::error($this->getClass().': '.$this->getMessage());
-        $this->logBacktrace();
+        $this->logBacktrace(\SimpleSAML\Logger::ERR);
     }
 
 
@@ -248,7 +265,7 @@ class SimpleSAML_Error_Exception extends Exception
     public function logWarning()
     {
         SimpleSAML\Logger::warning($this->getClass().': '.$this->getMessage());
-        $this->logBacktrace();
+        $this->logBacktrace(\SimpleSAML\Logger::WARNING);
     }
 
 
@@ -260,7 +277,7 @@ class SimpleSAML_Error_Exception extends Exception
     public function logInfo()
     {
         SimpleSAML\Logger::info($this->getClass().': '.$this->getMessage());
-        $this->logBacktrace();
+        $this->logBacktrace(\SimpleSAML\Logger::INFO);
     }
 
 
@@ -272,7 +289,7 @@ class SimpleSAML_Error_Exception extends Exception
     public function logDebug()
     {
         SimpleSAML\Logger::debug($this->getClass().': '.$this->getMessage());
-        $this->logBacktrace();
+        $this->logBacktrace(\SimpleSAML\Logger::DEBUG);
     }
 
 
diff --git a/lib/SimpleSAML/Error/NoPassive.php b/lib/SimpleSAML/Error/NoPassive.php
index 73b5cd8..8966dc8 100644
--- a/lib/SimpleSAML/Error/NoPassive.php
+++ b/lib/SimpleSAML/Error/NoPassive.php
@@ -1,6 +1,14 @@
 <?php
 
 
+/**
+ * Class SimpleSAML_Error_NoPassive
+ *
+ * @deprecated This class has been deprecated and will be removed in SimpleSAMLphp 2.0. Please use
+ * SimpleSAML\Module\saml\Error\NoPassive instead.
+ *
+ * @see \SimpleSAML\Module\saml\Error\NoPassive
+ */
 class SimpleSAML_Error_NoPassive extends SimpleSAML_Error_Exception {
 
 }
diff --git a/lib/SimpleSAML/Error/ProxyCountExceeded.php b/lib/SimpleSAML/Error/ProxyCountExceeded.php
index bebe093..0af64d5 100644
--- a/lib/SimpleSAML/Error/ProxyCountExceeded.php
+++ b/lib/SimpleSAML/Error/ProxyCountExceeded.php
@@ -1,6 +1,14 @@
 <?php
 
 
+/**
+ * Class SimpleSAML_Error_ProxyCountExceeded
+ *
+ * @deprecated This class has been deprecated and will be removed in SimpleSAMLphp 2.0. Please use
+ * SimpleSAML\Module\saml\Error\ProxyCountExceeded instead.
+ *
+ * @see \SimpleSAML\Module\saml\Error\ProxyCountExceeded
+ */
 class SimpleSAML_Error_ProxyCountExceeded extends SimpleSAML_Error_Exception {
 
 }
diff --git a/lib/SimpleSAML/Locale/Translate.php b/lib/SimpleSAML/Locale/Translate.php
index dba41a8..6ffd011 100644
--- a/lib/SimpleSAML/Locale/Translate.php
+++ b/lib/SimpleSAML/Locale/Translate.php
@@ -222,6 +222,19 @@ class Translate
 
 
     /**
+     * Mark a string for translation without translating it.
+     *
+     * @param string  $tag A tag name to mark for translation.
+     *
+     * @return string The tag, unchanged.
+     */
+    public function noop($tag)
+    {
+        return $tag;
+    }
+
+
+    /**
      * Translate a tag into the current language, with a fallback to english.
      *
      * This function is used to look up a translation tag in dictionaries, and return the translation into the current
@@ -245,7 +258,7 @@ class Translate
     public function t(
         $tag,
         $replacements = array(),
-        $fallbackdefault = true,
+        $fallbackdefault = true, // TODO: remove this for 2.0. Assume true
         $oldreplacements = array(), // TODO: remove this for 2.0
         $striptags = false // TODO: remove this for 2.0
     ) {
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 25d5596..9f5a50e 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -729,11 +729,31 @@ class HTTP
     {
         $cfg = \SimpleSAML_Configuration::getInstance();
         $baseDir = $cfg->getBaseDir();
-        $current_path = realpath($_SERVER['SCRIPT_FILENAME']);
-        $rel_path = str_replace($baseDir.'www'.DIRECTORY_SEPARATOR, '', $current_path);
-
-        if ($current_path == $rel_path) { // compare loosely ($current_path can be false)
-            // we were accessed from an external script, do not try to apply our base URL
+        $cur_path = realpath($_SERVER['SCRIPT_FILENAME']);
+        // find the path to the current script relative to the www/ directory of SimpleSAMLphp
+        $rel_path = str_replace($baseDir.'www'.DIRECTORY_SEPARATOR, '', $cur_path);
+        // convert that relative path to an HTTP query
+        $url_path = str_replace(DIRECTORY_SEPARATOR, '/', $rel_path);
+        // find where the relative path starts in the current request URI
+        $uri_pos = (!empty($url_path)) ? strpos($_SERVER['REQUEST_URI'], $url_path) : false;
+
+        if ($cur_path == $rel_path || $uri_pos === false) {
+            /*
+             * We were accessed from an external script. This can happen in the following cases:
+             *
+             * - $_SERVER['SCRIPT_FILENAME'] points to a script that doesn't exist. E.g. functional testing. In this
+             *   case, realpath() returns false and str_replace an empty string, so we compare them loosely.
+             *
+             * - The URI requested does not belong to a script in the www/ directory of SimpleSAMLphp. In that case,
+             *   removing SimpleSAMLphp's base dir from the current path yields the same path, so $cur_path and
+             *   $rel_path are equal.
+             *
+             * - The request URI does not match the current script. Even if the current script is located in the www/
+             *   directory of SimpleSAMLphp, the URI does not contain its relative path, and $uri_pos is false.
+             *
+             * It doesn't matter which one of those cases we have. We just know we can't apply our base URL to the
+             * current URI, so we need to build it back from the PHP environment.
+             */
             $protocol = 'http';
             $protocol .= (self::getServerHTTPS()) ? 's' : '';
             $protocol .= '://';
@@ -743,10 +763,7 @@ class HTTP
             return $protocol.$hostname.$port.$_SERVER['REQUEST_URI'];
         }
 
-        $url = self::getBaseURL();
-        $rel_path = str_replace(DIRECTORY_SEPARATOR, '/', $rel_path);
-        $pos = strpos($_SERVER['REQUEST_URI'], $rel_path) + strlen($rel_path);
-        return $url.$rel_path.substr($_SERVER['REQUEST_URI'], $pos);
+        return self::getBaseURL().$rel_path.substr($_SERVER['REQUEST_URI'], $uri_pos + strlen($url_path));
     }
 
 
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index 05206ec..abaa005 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -14,7 +14,7 @@ class XML
 
     /**
      * This function performs some sanity checks on XML documents, and optionally validates them against their schema
-     * if the 'debug.validatexml' option is enabled. A warning will be printed to the log if validation fails.
+     * if the 'validatexml' debugging option is enabled. A warning will be printed to the log if validation fails.
      *
      * @param string $message The SAML document we want to check.
      * @param string $type The type of document. Can be one of:
@@ -41,8 +41,16 @@ class XML
             throw new \SimpleSAML_Error_Exception('XML contained a doctype declaration.');
         }
 
-        $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', null);
-        if (!$enabled) {
+        // see if debugging is enabled for XML validation
+        $debug = \SimpleSAML_Configuration::getInstance()->getArrayize('debug', array('validatexml' => false));
+        $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', false);
+
+        if (!(in_array('validatexml', $debug, true) // implicitly enabled
+              || (array_key_exists('validatexml', $debug) && $debug['validatexml'] === true) // explicitly enabled
+              // TODO: deprecate this option and remove it in 2.0
+              || $enabled // old 'debug.validatexml' configuration option
+        )) {
+            // XML validation is disabled
             return;
         }
 
@@ -84,9 +92,15 @@ class XML
             throw new \InvalidArgumentException('Invalid input parameters.');
         }
 
-        $globalConfig = \SimpleSAML_Configuration::getInstance();
-        if (!$globalConfig->getBoolean('debug', false)) {
-            // message debug disabled
+        // see if debugging is enabled for SAML messages
+        $debug = \SimpleSAML_Configuration::getInstance()->getArrayize('debug', array('saml' => false));
+
+        if (!(in_array('saml', $debug, true) // implicitly enabled
+              || (array_key_exists('saml', $debug) && $debug['saml'] === true) // explicitly enabled
+              // TODO: deprecate the old style and remove it in 2.0
+              || (array_key_exists(0, $debug) && $debug[0] === true) // old style 'debug'
+        )) {
+            // debugging messages is disabled
             return;
         }
 
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 138423c..af97162 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -38,6 +38,13 @@ class SimpleSAML_XHTML_Template
      */
     private $template = 'default.php';
 
+    /**
+     * The template name.
+     *
+     * @var string
+     */
+    private $twig_template;
+
     /*
      * Main Twig namespace, to avoid misspelling it *again*
      */
@@ -70,7 +77,7 @@ class SimpleSAML_XHTML_Template
      */
     private function normalizeTemplateName($templateName)
     {
-        if (strripos($templateName, '.twig.html')) {
+        if (strripos($templateName, '.twig')) {
             return $templateName;
         }
         $phppos = strripos($templateName, '.php');
@@ -81,7 +88,7 @@ class SimpleSAML_XHTML_Template
         if ($tplpos) {
             $templateName = substr($templateName, 0, $tplpos);
         }
-        return $templateName.'.twig.html';
+        return $templateName.'.twig';
     }
 
 
@@ -560,6 +567,18 @@ class SimpleSAML_XHTML_Template
 
 
     /**
+     * Wrap Language->noop to mark a tag for translation but actually do it later.
+     *
+     * @see \SimpleSAML\Locale\Translate::noop()
+     * @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Translate::t() instead.
+     */
+    public function noop($tag)
+    {
+        return $this->translator->noop($tag);
+    }
+
+
+    /**
      * Wrap Language->t to translate tag into the current language, with a fallback to english.
      *
      * @see \SimpleSAML\Locale\Translate::t()