
Commit 2e43153

committed
Added isValidUrl method
1 parent 09489d9 commit 2e43153

1 file changed

Lines changed: 22 additions & 3 deletions


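--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -496,8 +496,9 @@ public static function processResponse(
 /* Validate Response-element destination. */
 $currentURL = SimpleSAML_Utilities::selfURLNoQuery();
 $msgDestination = $response->getDestination();
-if ($msgDestination !== NULL && $msgDestination !== $currentURL) {
-throw new Exception('Destination in response doesn\'t match the current URL. Destination is "' .
+if ($msgDestination !== NULL && !self::isValidDestination($currentURL, $msgDestination)) {
+
+throw new Exception('Destination in response doesn\'t match the current URL. Destination is "' .
 $msgDestination . '", current URL is "' . $currentURL . '".');
 }
 
@@ -667,7 +668,7 @@ private static function processAssertion(
 $lastError = 'NotOnOrAfter in SubjectConfirmationData is in the past: ' . $scd->NotOnOrAfter;
 continue;
 }
-if ($scd->Recipient !== NULL && $scd->Recipient !== $currentURL) {
+if ($scd->Recipient !== NULL && !self::isValidRecipient($currentURL, $scd->Recipient)) {
 $lastError = 'Recipient in SubjectConfirmationData does not match the current URL. Recipient is ' .
 var_export($scd->Recipient, TRUE) . ', current URL is ' . var_export($currentURL, TRUE) . '.';
 continue;
@@ -764,5 +765,23 @@ public static function getEncryptionKey(SimpleSAML_Configuration $metadata) {
 
 throw new SimpleSAML_Error_Exception('No supported encryption key in ' . var_export($metadata->getString('entityid'), TRUE));
 }
+
+public static function isValidDestination($currentUrl, $dstUrl)
+{
+return self::isValidUrl($currentUrl, $dstUrl);
+}
+
+public static function isValidRecipient($currentUrl, $rcpUrl)
+{
+return self::isValidUrl($currentUrl, $rcpUrl);
+}
+
+public static function isValidUrl($currentUrl, $otherUrl)
+{
+$curParts = parse_url($currentUrl);
+$otherParts = parse_url($otherUrl);
+
+return $curParts['host'] == $otherParts['host'];
+}
 
 }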
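Review bot: `isValidUrl` weakens the Destination and Recipient checks that `processResponse` and `processAssertion` previously did with an exact string comparison, because it compares only the `host` component and ignores scheme, port and path, so a message addressed to a different endpoint on the same host now passes both checks. It also uses loose `==`, and `parse_url()` returns `false` for a malformed URL, in which case `$otherParts['host']` evaluates to `null` rather than failing the check. If the intent is only to tolerate a scheme or port difference (for example behind a reverse proxy), say so in a docblock on `isValidUrl` and compare the remaining components strictly; otherwise compare scheme, host, port and path and return `false` whenever either URL fails to parse. The two wrappers `isValidDestination` and `isValidRecipient` should also carry a one-line docblock stating which SAML element they validate, since the call sites in `processResponse` and `processAssertion` lie outside this hunk.

```php
public static function isValidUrl($currentUrl, $otherUrl)
{
    $curParts = parse_url($currentUrl);
    $otherParts = parse_url($otherUrl);
    if ($curParts === FALSE || $otherParts === FALSE) {
        /* A URL that does not parse can never match the URL we received the message at. */
        return FALSE;
    }

    foreach (array('scheme', 'host', 'port', 'path') as $part) {
        $cur = isset($curParts[$part]) ? $curParts[$part] : NULL;
        $other = isset($otherParts[$part]) ? $otherParts[$part] : NULL;
        if ($part === 'scheme' || $part === 'host') {
            /* Scheme and host are case-insensitive; port and path are not. */
            $cur = ($cur === NULL) ? NULL : strtolower($cur);
            $other = ($other === NULL) ? NULL : strtolower($other);
        }
        if ($cur !== $other) {
            return FALSE;
        }
    }

    return TRUE;
}
```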

