diff options
Diffstat (limited to 'modules')
39 files changed, 123 insertions, 123 deletions
diff --git a/modules/InfoCard/lib/Auth/Source/ICAuth.php b/modules/InfoCard/lib/Auth/Source/ICAuth.php index 0b76ed1..bfefdab 100644 --- a/modules/InfoCard/lib/Auth/Source/ICAuth.php +++ b/modules/InfoCard/lib/Auth/Source/ICAuth.php @@ -69,9 +69,9 @@ class sspmod_InfoCard_Auth_Source_ICAuth extends SimpleSAML_Auth_Source { } // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($authStateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/aselect/www/credentials.php b/modules/aselect/www/credentials.php index dc0afe7..bcdd208 100644 --- a/modules/aselect/www/credentials.php +++ b/modules/aselect/www/credentials.php @@ -13,9 +13,9 @@ function check_credentials() { $id = $_REQUEST['ssp_state']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($id); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($id); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'aselect:login'); diff --git a/modules/authYubiKey/lib/Auth/Source/YubiKey.php b/modules/authYubiKey/lib/Auth/Source/YubiKey.php index 6b14128..981c64c 100644 --- a/modules/authYubiKey/lib/Auth/Source/YubiKey.php +++ b/modules/authYubiKey/lib/Auth/Source/YubiKey.php @@ -125,9 +125,9 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source { assert('is_string($otp)'); // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($authStateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/authfacebook/www/linkback.php b/modules/authfacebook/www/linkback.php index 2305f77..879e3d2 100644 --- a/modules/authfacebook/www/linkback.php +++ b/modules/authfacebook/www/linkback.php @@ -11,9 +11,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) $stateID = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateID); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT); diff --git a/modules/authlinkedin/www/linkback.php b/modules/authlinkedin/www/linkback.php index a169f04..e65a8aa 100644 --- a/modules/authlinkedin/www/linkback.php +++ b/modules/authlinkedin/www/linkback.php @@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) { } // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT); diff --git a/modules/authmyspace/www/linkback.php b/modules/authmyspace/www/linkback.php index 81683c8..4dbaf79 100644 --- a/modules/authmyspace/www/linkback.php +++ b/modules/authmyspace/www/linkback.php @@ -11,9 +11,9 @@ if (array_key_exists('stateid', $_REQUEST)) { } // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT); diff --git a/modules/authorize/www/authorize_403.php b/modules/authorize/www/authorize_403.php index 613fa10..5152b99 100644 --- a/modules/authorize/www/authorize_403.php +++ b/modules/authorize/www/authorize_403.php @@ -13,9 +13,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'authorize:Authorize'); diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php index 0ebea75..9a397ed 100644 --- a/modules/authtwitter/www/linkback.php +++ b/modules/authtwitter/www/linkback.php @@ -10,9 +10,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) $stateID = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateID); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT); diff --git a/modules/authwindowslive/www/linkback.php b/modules/authwindowslive/www/linkback.php index ee8452d..29b8b0d 100644 --- a/modules/authwindowslive/www/linkback.php +++ b/modules/authwindowslive/www/linkback.php @@ -8,9 +8,9 @@ if (array_key_exists('wrap_client_state', $_REQUEST)) { $stateId = $_REQUEST['wrap_client_state']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT); diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php index 8fe43e2..473c44b 100644 --- a/modules/cas/www/linkback.php +++ b/modules/cas/www/linkback.php @@ -14,9 +14,9 @@ if (!isset($_GET['ticket'])) { } // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT); diff --git a/modules/cdc/www/resume.php b/modules/cdc/www/resume.php index 549be22..8d7258d 100644 --- a/modules/cdc/www/resume.php +++ b/modules/cdc/www/resume.php @@ -18,9 +18,9 @@ if (!isset($response['id'])) { } // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($response['id']); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($response['id']); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($response['id'], 'cdc:resume'); diff --git a/modules/consent/www/getconsent.php b/modules/consent/www/getconsent.php index 3e30817..babbf46 100644 --- a/modules/consent/www/getconsent.php +++ b/modules/consent/www/getconsent.php @@ -33,9 +33,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'consent:request'); diff --git a/modules/consent/www/logout.php b/modules/consent/www/logout.php index 1e46429..a5f7cf6 100644 --- a/modules/consent/www/logout.php +++ b/modules/consent/www/logout.php @@ -12,9 +12,9 @@ if (!array_key_exists('StateId', $_GET)) { $id = (string)$_GET['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'consent:request'); diff --git a/modules/consent/www/noconsent.php b/modules/consent/www/noconsent.php index 37b5920..2b97585 100644 --- a/modules/consent/www/noconsent.php +++ b/modules/consent/www/noconsent.php @@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'consent:request'); diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php index c7ff0be..f734d43 100644 --- a/modules/core/lib/Auth/UserPassBase.php +++ b/modules/core/lib/Auth/UserPassBase.php @@ -198,9 +198,9 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source { assert('is_string($password)'); // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($authStateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Here we retrieve the state array we saved in the authenticate-function. */ diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php index 9c7af97..3e57e4a 100644 --- a/modules/core/lib/Auth/UserPassOrgBase.php +++ b/modules/core/lib/Auth/UserPassOrgBase.php @@ -210,9 +210,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source { assert('is_string($organization)'); // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($authStateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ @@ -264,9 +264,9 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source { assert('is_string($authStateId)'); // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($authStateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/core/www/idp/logout-iframe-done.php b/modules/core/www/idp/logout-iframe-done.php index 6253998..fe69f40 100644 --- a/modules/core/www/idp/logout-iframe-done.php +++ b/modules/core/www/idp/logout-iframe-done.php @@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) { $id = (string)$_REQUEST['id']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame'); diff --git a/modules/core/www/idp/logout-iframe.php b/modules/core/www/idp/logout-iframe.php index 53cdcfc..07a472d 100644 --- a/modules/core/www/idp/logout-iframe.php +++ b/modules/core/www/idp/logout-iframe.php @@ -20,9 +20,9 @@ if ($type !== 'embed' && $type !== 'async') { } // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame'); diff --git a/modules/core/www/idp/resumelogout.php b/modules/core/www/idp/resumelogout.php index f93c8e9..0077909 100644 --- a/modules/core/www/idp/resumelogout.php +++ b/modules/core/www/idp/resumelogout.php @@ -6,9 +6,9 @@ if (!isset($_REQUEST['id'])) { $id = (string)$_REQUEST['id']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'core:Logout:afterbridge'); diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php index cda363b..6a2dc97 100644 --- a/modules/core/www/loginuserpass.php +++ b/modules/core/www/loginuserpass.php @@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) { $authStateId = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authStateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php index abd9a53..3e5b9fe 100644 --- a/modules/core/www/loginuserpassorg.php +++ b/modules/core/www/loginuserpassorg.php @@ -16,9 +16,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) { $authStateId = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authStateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/core/www/short_sso_interval.php b/modules/core/www/short_sso_interval.php index e9e5b15..3a44634 100644 --- a/modules/core/www/short_sso_interval.php +++ b/modules/core/www/short_sso_interval.php @@ -14,9 +14,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval'); diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php index 53818e9..256a3de 100644 --- a/modules/exampleauth/lib/Auth/Source/External.php +++ b/modules/exampleauth/lib/Auth/Source/External.php @@ -187,9 +187,9 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source { $stateId = (string)$_REQUEST['State']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php index bcd01b8..91ff791 100644 --- a/modules/exampleauth/www/authpage.php +++ b/modules/exampleauth/www/authpage.php @@ -33,9 +33,9 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) { $stateId = urldecode($matches[1]); // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External'); diff --git a/modules/exampleauth/www/redirecttest.php b/modules/exampleauth/www/redirecttest.php index c6d4fb8..8a38fc4 100644 --- a/modules/exampleauth/www/redirecttest.php +++ b/modules/exampleauth/www/redirecttest.php @@ -15,9 +15,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'exampleauth:redirectfilter-test'); diff --git a/modules/expirycheck/www/about2expire.php b/modules/expirycheck/www/about2expire.php index 487b3f8..6717005 100644 --- a/modules/expirycheck/www/about2expire.php +++ b/modules/expirycheck/www/about2expire.php @@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:about2expire'); diff --git a/modules/expirycheck/www/expired.php b/modules/expirycheck/www/expired.php index 5ec7b93..4279f3e 100644 --- a/modules/expirycheck/www/expired.php +++ b/modules/expirycheck/www/expired.php @@ -16,9 +16,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:expired'); diff --git a/modules/multiauth/www/selectsource.php b/modules/multiauth/www/selectsource.php index afa28ed..de27843 100644 --- a/modules/multiauth/www/selectsource.php +++ b/modules/multiauth/www/selectsource.php @@ -17,9 +17,9 @@ if (!array_key_exists('AuthState', $_REQUEST)) { $authStateId = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authStateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* Retrieve the authentication state. */ diff --git a/modules/negotiate/www/backend.php b/modules/negotiate/www/backend.php index 347ce8d..a3924ab 100644 --- a/modules/negotiate/www/backend.php +++ b/modules/negotiate/www/backend.php @@ -12,9 +12,9 @@ $authStateId = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authStateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID); diff --git a/modules/negotiate/www/retry.php b/modules/negotiate/www/retry.php index 858b836..1f75c61 100644 --- a/modules/negotiate/www/retry.php +++ b/modules/negotiate/www/retry.php @@ -12,9 +12,9 @@ $authStateId = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authStateId); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authStateId); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID); diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php index 0f8067c..63f83a3 100644 --- a/modules/openid/www/consumer.php +++ b/modules/openid/www/consumer.php @@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) $authState = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authState); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($authState, 'openid:init'); diff --git a/modules/openid/www/linkback.php b/modules/openid/www/linkback.php index 6108ca7..aa938cc 100644 --- a/modules/openid/www/linkback.php +++ b/modules/openid/www/linkback.php @@ -8,9 +8,9 @@ if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) $authState = $_REQUEST['AuthState']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($authState); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($authState); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($authState, 'openid:auth'); diff --git a/modules/openidProvider/lib/Server.php b/modules/openidProvider/lib/Server.php index 956a7e4..b49223d 100644 --- a/modules/openidProvider/lib/Server.php +++ b/modules/openidProvider/lib/Server.php @@ -330,9 +330,9 @@ class sspmod_openidProvider_Server { assert('is_string($stateId)'); // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } return SimpleSAML_Auth_State::loadState($stateId, 'openidProvider:resumeState'); diff --git a/modules/papi/lib/Auth/Source/PAPI.php b/modules/papi/lib/Auth/Source/PAPI.php index c074093..d9c39b6 100644 --- a/modules/papi/lib/Auth/Source/PAPI.php +++ b/modules/papi/lib/Auth/Source/PAPI.php @@ -117,9 +117,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source { $this->_stateId = (string)$_REQUEST['SSPStateID']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($this->_stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT); @@ -170,9 +170,9 @@ class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source { $this->_stateId = (string)$_REQUEST['SSPStateID']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($this->_stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($this->_stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT); diff --git a/modules/preprodwarning/www/showwarning.php b/modules/preprodwarning/www/showwarning.php index 2c50860..1c4c6aa 100644 --- a/modules/preprodwarning/www/showwarning.php +++ b/modules/preprodwarning/www/showwarning.php @@ -17,9 +17,9 @@ if (!array_key_exists('StateId', $_REQUEST)) { $id = $_REQUEST['StateId']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($id); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($id); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($id, 'warning:request'); diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php index 1479f8a..5d6d55b 100644 --- a/modules/saml/www/sp/discoresp.php +++ b/modules/saml/www/sp/discoresp.php @@ -15,9 +15,9 @@ if (!array_key_exists('idpentityid', $_REQUEST)) { $stateID = $_REQUEST['AuthID']; // sanitize the input -$restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID); -if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); +$sid = SimpleSAML_Utilities::parseStateID($stateID); +if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso'); diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php index d9a594c..95cc91b 100644 --- a/modules/saml/www/sp/saml1-acs.php +++ b/modules/saml/www/sp/saml1-acs.php @@ -32,9 +32,9 @@ if (preg_match('@^https?://@i', $target)) { $stateID = $_REQUEST['TARGET']; // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateID); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($stateID); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso'); diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php index 09723b6..dc03758 100644 --- a/modules/saml/www/sp/saml2-acs.php +++ b/modules/saml/www/sp/saml2-acs.php @@ -54,9 +54,9 @@ $stateId = $response->getInResponseTo(); if (!empty($stateId)) { // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($stateId); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($stateId); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } /* This is a response to a request we sent earlier. */ diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php index 5d36024..950f3b0 100644 --- a/modules/saml/www/sp/saml2-logout.php +++ b/modules/saml/www/sp/saml2-logout.php @@ -55,9 +55,9 @@ if ($message instanceof SAML2_LogoutResponse) { } // sanitize the input - $restartURL = SimpleSAML_Utilities::getURLFromStateID($relayState); - if (!is_null($restartURL)) { - SimpleSAML_Utilities::checkURLAllowed($restartURL); + $sid = SimpleSAML_Utilities::parseStateID($relayState); + if (!is_null($sid['url'])) { + SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent'); |