Diffstat (limited to 'modules/exampleauth/lib/Auth/Source/External.php')
-rw-r--r-- | modules/exampleauth/lib/Auth/Source/External.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index d3b16f0..282c6a4 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -186,6 +186,12 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
 }
 $stateId = (string)$_REQUEST['State'];
+ // sanitize the input
+ $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId);
+ if (!is_null($restartURL)) {
+ SimpleSAML_Utilities::checkURLAllowed($restartURL);
+ }
+
 /*
 * Once again, note the second parameter to the loadState function. This must
 * match the string we used in the saveState-call above. |
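Review bot: The return value of `checkURLAllowed()` is discarded in the added block, so the guard only works if that call throws on a disallowed URL; nothing in the hunk shows that, and the comment `// sanitize the input` suggests the value is being cleaned rather than the request rejected. I would reword the comment to state the intent, e.g. `// Reject the request if the restart URL embedded in the state ID is not an allowed URL; checkURLAllowed() throws on violation.`, after confirming that behaviour. Since the check sits in front of the `loadState` call described in the following comment, other callers that read `State` from the request presumably need the same guard, and placing it in a shared helper would avoid missing one. The enclosing method begins and ends outside this hunk.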