Diffstat (limited to 'modules')
-rw-r--r--modules/aselect/www/credentials.php10
-rw-r--r--modules/authYubiKey/lib/Auth/Source/YubiKey.php6
-rw-r--r--modules/authfacebook/www/linkback.php11
-rw-r--r--modules/authlinkedin/www/linkback.php15
-rw-r--r--modules/authmyspace/www/linkback.php13
-rw-r--r--modules/authorize/www/authorize_403.php11
-rw-r--r--modules/authtwitter/www/linkback.php10
-rw-r--r--modules/authwindowslive/www/linkback.php13
-rw-r--r--modules/cas/www/linkback.php10
-rw-r--r--modules/cdc/www/resume.php7
-rw-r--r--modules/consent/www/getconsent.php7
-rw-r--r--modules/consent/www/logout.php10
-rw-r--r--modules/consent/www/noconsent.php7
-rw-r--r--modules/core/lib/Auth/UserPassBase.php6
-rw-r--r--modules/core/lib/Auth/UserPassOrgBase.php12
-rw-r--r--modules/core/www/idp/logout-iframe-done.php10
-rw-r--r--modules/core/www/idp/logout-iframe.php9
-rw-r--r--modules/core/www/idp/resumelogout.php10
-rw-r--r--modules/core/www/loginuserpass.php10
-rw-r--r--modules/core/www/loginuserpassorg.php9
-rw-r--r--modules/core/www/short_sso_interval.php8
-rw-r--r--modules/exampleauth/lib/Auth/Source/External.php9
-rw-r--r--modules/exampleauth/www/authpage.php10
-rw-r--r--modules/exampleauth/www/redirecttest.php11
-rw-r--r--modules/expirycheck/www/about2expire.php9
-rw-r--r--modules/expirycheck/www/expired.php11
-rw-r--r--modules/multiauth/www/selectsource.php9
-rw-r--r--modules/negotiate/www/backend.php10
-rw-r--r--modules/negotiate/www/retry.php10
-rw-r--r--modules/preprodwarning/www/showwarning.php8
-rw-r--r--modules/saml/www/sp/discoresp.php11
-rw-r--r--modules/saml/www/sp/saml1-acs.php10
-rw-r--r--modules/saml/www/sp/saml2-acs.php7
-rw-r--r--modules/saml/www/sp/saml2-logout.php6
34 files changed, 27 insertions, 298 deletions
diff --git a/modules/aselect/www/credentials.php b/modules/aselect/www/credentials.php
index 09b4b06..a1bb004 100644
--- a/modules/aselect/www/credentials.php
+++ b/modules/aselect/www/credentials.php
@@ -9,15 +9,7 @@
if (!array_key_exists('ssp_state', $_REQUEST)) {
throw new SimpleSAML_Error_Exception("Missing ssp_state parameter");
}
-$id = $_REQUEST['ssp_state'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['ssp_state'], 'aselect:login');
if (!array_key_exists('a-select-server', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing a-select-server parameter"));
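Review bot: Dropping the `checkURLAllowed($sid['url'])` call in front of `loadState()` is only safe if `SimpleSAML_Auth_State::loadState()` itself now parses the state ID and validates the embedded URL before it redirects to that URL on a lost state, and no such change to loadState is part of this diff. The URL half of the state ID is attacker-controlled here (it arrives in `$_REQUEST['ssp_state']`), so if loadState does not perform the same check this commit reintroduces the open redirect the removed lines guarded against; the same dependency applies to every hunk in this commit. A short comment at the call site would make the contract explicit and stop the check from being silently lost again: `// loadState() validates the URL embedded in the state ID (checkURLAllowed) before any lost-state redirect`.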
diff --git a/modules/authYubiKey/lib/Auth/Source/YubiKey.php b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
index a6227c0..48c3047 100644
--- a/modules/authYubiKey/lib/Auth/Source/YubiKey.php
+++ b/modules/authYubiKey/lib/Auth/Source/YubiKey.php
@@ -123,12 +123,6 @@ class sspmod_authYubiKey_Auth_Source_YubiKey extends SimpleSAML_Auth_Source {
assert('is_string($authStateId)');
assert('is_string($otp)');
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authStateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
diff --git a/modules/authfacebook/www/linkback.php b/modules/authfacebook/www/linkback.php
index 0ab3656..aed4404 100644
--- a/modules/authfacebook/www/linkback.php
+++ b/modules/authfacebook/www/linkback.php
@@ -7,16 +7,7 @@
if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) {
throw new SimpleSAML_Error_BadRequest('Missing state parameter on facebook linkback endpoint.');
}
-
-$stateID = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateID);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], sspmod_authfacebook_Auth_Source_Facebook::STAGE_INIT);
/* Find authentication source. */
if (!array_key_exists(sspmod_authfacebook_Auth_Source_Facebook::AUTHID, $state)) {
diff --git a/modules/authlinkedin/www/linkback.php b/modules/authlinkedin/www/linkback.php
index e65a8aa..8a6c6f4 100644
--- a/modules/authlinkedin/www/linkback.php
+++ b/modules/authlinkedin/www/linkback.php
@@ -4,19 +4,10 @@
* Handle linkback() response from LinkedIn.
*/
-if (array_key_exists('stateid', $_REQUEST)) {
- $stateId = $_REQUEST['stateid'];
-} else {
- throw new Exception('Lost OAuth Client State');
-}
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
+if (!array_key_exists('stateid', $_REQUEST)) {
+ throw new Exception('Lost OAuth Client State');
}
-
-$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['stateid'], sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
// http://developer.linkedin.com/docs/DOC-1008#2_Redirect_the_User_to_our_Authorization_Server
if (array_key_exists('oauth_verifier', $_REQUEST)) {
diff --git a/modules/authmyspace/www/linkback.php b/modules/authmyspace/www/linkback.php
index 4dbaf79..da78d12 100644
--- a/modules/authmyspace/www/linkback.php
+++ b/modules/authmyspace/www/linkback.php
@@ -4,19 +4,10 @@
* Handle linkback() response from MySpace.
*/
-if (array_key_exists('stateid', $_REQUEST)) {
- $stateId = $_REQUEST['stateid'];
-} else {
+if (!array_key_exists('stateid', $_REQUEST)) {
throw new Exception('State Lost - not returned by MySpace Auth');
}
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['stateid'], sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT);
if (array_key_exists('oauth_problem', $_REQUEST)) {
// oauth_problem of 'user_refused' means user chose not to login with MySpace
diff --git a/modules/authorize/www/authorize_403.php b/modules/authorize/www/authorize_403.php
index 4342e0a..0f57ade 100644
--- a/modules/authorize/www/authorize_403.php
+++ b/modules/authorize/www/authorize_403.php
@@ -8,16 +8,7 @@
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
-$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'authorize:Authorize');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['StateId'], 'authorize:Authorize');
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'authorize:authorize_403.php');
diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php
index 9a397ed..5afca47 100644
--- a/modules/authtwitter/www/linkback.php
+++ b/modules/authtwitter/www/linkback.php
@@ -7,15 +7,7 @@
if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) {
throw new SimpleSAML_Error_BadRequest('Missing state parameter on twitter linkback endpoint.');
}
-$stateID = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateID);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
/* Find authentication source. */
if (!array_key_exists(sspmod_authtwitter_Auth_Source_Twitter::AUTHID, $state)) {
diff --git a/modules/authwindowslive/www/linkback.php b/modules/authwindowslive/www/linkback.php
index 29b8b0d..d2d1d07 100644
--- a/modules/authwindowslive/www/linkback.php
+++ b/modules/authwindowslive/www/linkback.php
@@ -4,19 +4,10 @@
* Handle linkback() response from Windows Live ID.
*/
-if (array_key_exists('wrap_client_state', $_REQUEST)) {
- $stateId = $_REQUEST['wrap_client_state'];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($stateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT);
-} else {
+if (!array_key_exists('wrap_client_state', $_REQUEST)) {
throw new Exception('Lost OAuth-WRAP Client State');
}
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['wrap_client_state'], sspmod_authwindowslive_Auth_Source_LiveID::STAGE_INIT);
// http://msdn.microsoft.com/en-us/library/ff749771.aspx
if (array_key_exists('wrap_verification_code', $_REQUEST)) {
diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php
index 473c44b..3f87b7b 100644
--- a/modules/cas/www/linkback.php
+++ b/modules/cas/www/linkback.php
@@ -7,19 +7,11 @@
if (!isset($_GET['stateID'])) {
throw new SimpleSAML_Error_BadRequest('Missing stateID parameter.');
}
-$stateId = (string)$_GET['stateID'];
+$state = SimpleSAML_Auth_State::loadState($_GET['stateID'], sspmod_cas_Auth_Source_CAS::STAGE_INIT);
if (!isset($_GET['ticket'])) {
throw new SimpleSAML_Error_BadRequest('Missing ticket parameter.');
}
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_cas_Auth_Source_CAS::STAGE_INIT);
$state['cas:ticket'] = (string)$_GET['ticket'];
/* Find authentication source. */
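Review bot: The new loadState line drops the `(string)` cast that the removed `$stateId = (string)$_GET['stateID'];` applied, so an array-valued query parameter (`stateID[]=...`) now reaches `loadState()` as an array instead of the string `Array`; the type checks visible elsewhere in this diff are `assert('is_string(...)')` calls, which are commonly disabled in production, so the cast was the only hard guard. The rewrite also moves the state load ahead of the `ticket` presence check, so a request with no ticket now performs a state lookup (and whatever loadState does on a missing state) before the BadRequest is thrown. Suggest keeping the original order and cast: leave the ticket check where it is and follow it with `$state = SimpleSAML_Auth_State::loadState((string)$_GET['stateID'], sspmod_cas_Auth_Source_CAS::STAGE_INIT);`. The same cast is dropped in the consent/logout.php, core/www/idp/*.php and exampleauth External.php hunks of this commit.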
diff --git a/modules/cdc/www/resume.php b/modules/cdc/www/resume.php
index 8d7258d..a7f8219 100644
--- a/modules/cdc/www/resume.php
+++ b/modules/cdc/www/resume.php
@@ -16,13 +16,6 @@ if ($response === NULL) {
if (!isset($response['id'])) {
throw new SimpleSAML_Error_BadRequest('CDCResponse without id.');
}
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($response['id']);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($response['id'], 'cdc:resume');
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
diff --git a/modules/consent/www/getconsent.php b/modules/consent/www/getconsent.php
index ef66031..66c16c0 100644
--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -30,13 +30,6 @@ if (!array_key_exists('StateId', $_REQUEST)) {
}
$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
if (array_key_exists('core:SP', $state)) {
diff --git a/modules/consent/www/logout.php b/modules/consent/www/logout.php
index 4bd0938..58de97c 100644
--- a/modules/consent/www/logout.php
+++ b/modules/consent/www/logout.php
@@ -8,15 +8,7 @@
if (!array_key_exists('StateId', $_GET)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-$id = (string)$_GET['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
+$state = SimpleSAML_Auth_State::loadState($_GET['StateId'], 'consent:request');
$state['Responder'] = array('sspmod_consent_Logout', 'postLogout');
diff --git a/modules/consent/www/noconsent.php b/modules/consent/www/noconsent.php
index 4e847ce..c9715b6 100644
--- a/modules/consent/www/noconsent.php
+++ b/modules/consent/www/noconsent.php
@@ -11,13 +11,6 @@ if (!array_key_exists('StateId', $_REQUEST)) {
}
$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($id, 'consent:request');
$resumeFrom = SimpleSAML_Module::getModuleURL(
diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php
index de79c1f..a97fba7 100644
--- a/modules/core/lib/Auth/UserPassBase.php
+++ b/modules/core/lib/Auth/UserPassBase.php
@@ -233,12 +233,6 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source {
assert('is_string($username)');
assert('is_string($password)');
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authStateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
/* Here we retrieve the state array we saved in the authenticate-function. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php
index 1ffdb53..7bbddf2 100644
--- a/modules/core/lib/Auth/UserPassOrgBase.php
+++ b/modules/core/lib/Auth/UserPassOrgBase.php
@@ -208,12 +208,6 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
assert('is_string($password)');
assert('is_string($organization)');
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authStateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
@@ -262,12 +256,6 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
public static function listOrganizations($authStateId) {
assert('is_string($authStateId)');
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authStateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
diff --git a/modules/core/www/idp/logout-iframe-done.php b/modules/core/www/idp/logout-iframe-done.php
index fe69f40..eeb4f2b 100644
--- a/modules/core/www/idp/logout-iframe-done.php
+++ b/modules/core/www/idp/logout-iframe-done.php
@@ -3,15 +3,7 @@
if (!isset($_REQUEST['id'])) {
throw new SimpleSAML_Error_BadRequest('Missing required parameter: id');
}
-$id = (string)$_REQUEST['id'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['id'], 'core:Logout-IFrame');
$idp = SimpleSAML_IdP::getByState($state);
$associations = $idp->getAssociations();
diff --git a/modules/core/www/idp/logout-iframe.php b/modules/core/www/idp/logout-iframe.php
index e2a136e..670d330 100644
--- a/modules/core/www/idp/logout-iframe.php
+++ b/modules/core/www/idp/logout-iframe.php
@@ -3,7 +3,6 @@
if (!isset($_REQUEST['id'])) {
throw new SimpleSAML_Error_BadRequest('Missing required parameter: id');
}
-$id = (string)$_REQUEST['id'];
if (isset($_REQUEST['type'])) {
$type = (string)$_REQUEST['type'];
@@ -19,13 +18,7 @@ if ($type !== 'embed' && $type !== 'async') {
SimpleSAML_Stats::log('core:idp:logout-iframe:page', array('type' => $type));
}
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout-IFrame');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['id'], 'core:Logout-IFrame');
$idp = SimpleSAML_IdP::getByState($state);
if ($type !== 'init') {
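Review bot: The new loadState line passes `$_REQUEST['id']` uncast, while the first hunk of this file still casts the neighbouring parameter with `$type = (string)$_REQUEST['type'];`, so the two inputs are now handled inconsistently and an array-valued `id[]=...` reaches `loadState()` as an array. The old `$id = (string)$_REQUEST['id'];` line that this commit removes was the only non-assert type guard on that value. Suggest `$state = SimpleSAML_Auth_State::loadState((string)$_REQUEST['id'], 'core:Logout-IFrame');` to keep the two parameters symmetric.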
diff --git a/modules/core/www/idp/resumelogout.php b/modules/core/www/idp/resumelogout.php
index 0077909..7a524f6 100644
--- a/modules/core/www/idp/resumelogout.php
+++ b/modules/core/www/idp/resumelogout.php
@@ -3,15 +3,7 @@
if (!isset($_REQUEST['id'])) {
throw new SimpleSAML_Error_BadRequest('Missing id-parameter.');
}
-$id = (string)$_REQUEST['id'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'core:Logout:afterbridge');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['id'], 'core:Logout:afterbridge');
$idp = SimpleSAML_IdP::getByState($state);
$assocId = $state['core:TerminatedAssocId'];
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index 35994ed..4ce0f93 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -9,21 +9,13 @@
* @package simpleSAMLphp
*/
+/* Retrieve the authentication state. */
if (!array_key_exists('AuthState', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
$authStateId = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($authStateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_core_Auth_UserPassBase::STAGEID);
-
$source = SimpleSAML_Auth_Source::getById($state[sspmod_core_Auth_UserPassBase::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[sspmod_core_Auth_UserPassBase::AUTHID]);
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index fa6a472..ad4ba44 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -9,18 +9,11 @@
* @package simpleSAMLphp
*/
+/* Retrieve the authentication state. */
if (!array_key_exists('AuthState', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
$authStateId = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($authStateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_core_Auth_UserPassOrgBase::STAGEID);
$source = SimpleSAML_Auth_Source::getById($state[sspmod_core_Auth_UserPassOrgBase::AUTHID]);
diff --git a/modules/core/www/short_sso_interval.php b/modules/core/www/short_sso_interval.php
index 6536631..5e225bf 100644
--- a/modules/core/www/short_sso_interval.php
+++ b/modules/core/www/short_sso_interval.php
@@ -9,15 +9,7 @@
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
$session = SimpleSAML_Session::getSessionFromRequest();
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index c141a4a..3703852 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -183,19 +183,12 @@ class sspmod_exampleauth_Auth_Source_External extends SimpleSAML_Auth_Source {
if (!isset($_REQUEST['State'])) {
throw new SimpleSAML_Error_BadRequest('Missing "State" parameter.');
}
- $stateId = (string)$_REQUEST['State'];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($stateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
/*
* Once again, note the second parameter to the loadState function. This must
* match the string we used in the saveState-call above.
*/
- $state = SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
+ $state = SimpleSAML_Auth_State::loadState($_REQUEST['State'], 'exampleauth:External');
/*
* Now we have the $state-array, and can use it to locate the authentication
diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php
index 819cc2c..7b3dca2 100644
--- a/modules/exampleauth/www/authpage.php
+++ b/modules/exampleauth/www/authpage.php
@@ -29,15 +29,7 @@ $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']);
if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
die('Invalid ReturnTo URL for this example.');
}
-$stateId = urldecode($matches[1]);
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
+SimpleSAML_Auth_State::loadState(urldecode($matches[1]), 'exampleauth:External');
/*
* The loadState-function will not return if the second parameter does not
diff --git a/modules/exampleauth/www/redirecttest.php b/modules/exampleauth/www/redirecttest.php
index 03ed359..147051c 100644
--- a/modules/exampleauth/www/redirecttest.php
+++ b/modules/exampleauth/www/redirecttest.php
@@ -10,16 +10,7 @@
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
-$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'exampleauth:redirectfilter-test');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['StateId'], 'exampleauth:redirectfilter-test');
$state['Attributes']['RedirectTest2'] = array('OK');
diff --git a/modules/expirycheck/www/about2expire.php b/modules/expirycheck/www/about2expire.php
index 551a18c..9531fcb 100644
--- a/modules/expirycheck/www/about2expire.php
+++ b/modules/expirycheck/www/about2expire.php
@@ -11,18 +11,9 @@ SimpleSAML_Logger::info('expirycheck - User has been warned that NetID is near t
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:about2expire');
-
if (array_key_exists('yes', $_REQUEST)) {
/* The user has pressed the yes-button. */
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
diff --git a/modules/expirycheck/www/expired.php b/modules/expirycheck/www/expired.php
index 69fb16d..5be027e 100644
--- a/modules/expirycheck/www/expired.php
+++ b/modules/expirycheck/www/expired.php
@@ -11,16 +11,7 @@ SimpleSAML_Logger::info('expirycheck - User has been warned that NetID is near t
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
-$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($id, 'expirywarning:expired');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['StateId'], 'expirywarning:expired');
$globalConfig = SimpleSAML_Configuration::getInstance();
diff --git a/modules/multiauth/www/selectsource.php b/modules/multiauth/www/selectsource.php
index ecd7621..8881d86 100644
--- a/modules/multiauth/www/selectsource.php
+++ b/modules/multiauth/www/selectsource.php
@@ -10,18 +10,11 @@
* @package simpleSAMLphp
*/
+/* Retrieve the authentication state. */
if (!array_key_exists('AuthState', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');
}
$authStateId = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($authStateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_multiauth_Auth_Source_MultiAuth::STAGEID);
if (array_key_exists("SimpleSAML_Auth_Default.id", $state)) {
diff --git a/modules/negotiate/www/backend.php b/modules/negotiate/www/backend.php
index 0292d24..7348fd9 100644
--- a/modules/negotiate/www/backend.php
+++ b/modules/negotiate/www/backend.php
@@ -8,15 +8,7 @@
* @package simpleSAMLphp
*/
-$authStateId = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($authStateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
SimpleSAML_Logger::debug('backend - fallback: '.$state['LogoutState']['negotiate:backend']);
sspmod_negotiate_Auth_Source_Negotiate::fallBack($state);
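Review bot: `$_REQUEST['AuthState']` is dereferenced on the new loadState line without first checking that the parameter is present, unlike the sibling endpoints in this commit (e.g. loginuserpass.php), which throw `SimpleSAML_Error_BadRequest('Missing AuthState parameter.')` first; a request without it raises an undefined-index notice and hands `null` to loadState. This was already true of the removed line, but the rewrite is the natural place to add the guard before the loadState call: `if (!array_key_exists('AuthState', $_REQUEST)) {` / `    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');` / `}`. The debug line that follows also indexes `$state['LogoutState']['negotiate:backend']` without checking the keys exist, which is a separate pre-existing gap.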
diff --git a/modules/negotiate/www/retry.php b/modules/negotiate/www/retry.php
index a659c61..23d51c2 100644
--- a/modules/negotiate/www/retry.php
+++ b/modules/negotiate/www/retry.php
@@ -8,15 +8,7 @@
* @package simpleSAMLphp
*/
-$authStateId = $_REQUEST['AuthState'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($authStateId);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], sspmod_negotiate_Auth_Source_Negotiate::STAGEID);
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted', 'metaindex');
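Review bot: As in backend.php, the new loadState line reads `$_REQUEST['AuthState']` with no presence check, so a request without the parameter produces an undefined-index notice and passes `null` into `loadState()` rather than the `SimpleSAML_Error_BadRequest` the other endpoints in this commit throw. Adding the same guard ahead of the call keeps the module consistent: `if (!array_key_exists('AuthState', $_REQUEST)) {` / `    throw new SimpleSAML_Error_BadRequest('Missing AuthState parameter.');` / `}`.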
diff --git a/modules/preprodwarning/www/showwarning.php b/modules/preprodwarning/www/showwarning.php
index 43a07cf..7be7493 100644
--- a/modules/preprodwarning/www/showwarning.php
+++ b/modules/preprodwarning/www/showwarning.php
@@ -12,15 +12,7 @@ SimpleSAML_Logger::info('PreProdWarning - Showing warning to user');
if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
-
$id = $_REQUEST['StateId'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($id);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
$state = SimpleSAML_Auth_State::loadState($id, 'warning:request');
diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php
index 5d6d55b..a10c5ec 100644
--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -11,16 +11,7 @@ if (!array_key_exists('AuthID', $_REQUEST)) {
if (!array_key_exists('idpentityid', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler');
}
-
-$stateID = $_REQUEST['AuthID'];
-
-// sanitize the input
-$sid = SimpleSAML_Utilities::parseStateID($stateID);
-if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
-}
-
-$state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:sp:sso');
/* Find authentication source. */
assert('array_key_exists("saml:sp:AuthId", $state)');
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index de98e34..a8d1dc7 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -33,15 +33,7 @@ if (preg_match('@^https?://@i', $target)) {
'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($target),
);
} else {
- $stateID = $_REQUEST['TARGET'];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($stateID);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $state = SimpleSAML_Auth_State::loadState($stateID, 'saml:sp:sso');
+ $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
/* Check that the authentication source is correct. */
assert('array_key_exists("saml:sp:AuthId", $state)');
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index b9fb760..d222862 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -56,13 +56,6 @@ $idpMetadata = array();
$stateId = $response->getInResponseTo();
if (!empty($stateId)) {
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($stateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
/* This is a response to a request we sent earlier. */
$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso');
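Review bot: Here the state ID is taken from the SAML response's `InResponseTo` attribute rather than a query parameter, so whether the URL portion of it is still validated after this change depends entirely on `loadState()`, which is outside this diff; if loadState does not call `checkURLAllowed()` on the parsed URL, an unsolicited response carrying a crafted `InResponseTo` could steer the lost-state redirect to an arbitrary host. Whether the response has been authenticated before this point is not visible in the hunk, so the field should be treated as attacker-controlled. A one-line comment on the loadState call would record the assumption for the next maintainer: `// loadState() validates the URL embedded in $stateId; InResponseTo is untrusted input`. The enclosing `if (!empty($stateId))` block continues past the end of the hunk.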
diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index b39f3bf..d3898e7 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -54,12 +54,6 @@ if ($message instanceof SAML2_LogoutResponse) {
SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . sspmod_saml_Message::getResponseError($message));
}
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($relayState);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
$state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent');
$state['saml:sp:LogoutStatus'] = $message->getStatus();
SimpleSAML_Auth_Source::completeLogout($state);