From 6a8ad8ff23b52b5fd58f40899984dbdd3fbc8da8 Mon Sep 17 00:00:00 2001
From: Hidde Schultze
Date: Sun, 5 Nov 2023 21:53:39 +0100
Subject: [PATCH 1/3] Remove $_POST dependency

---
 lib/Saml2/Auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/Saml2/Auth.php b/lib/Saml2/Auth.php
index c8a1c6f0..427b9de3 100644
--- a/lib/Saml2/Auth.php
+++ b/lib/Saml2/Auth.php
@@ -201,13 +201,13 @@ public function setSchemasPath($path)
 * @throws OneLogin_Saml2_Error
 * @throws OneLogin_Saml2_ValidationError
 */
- public function processResponse($requestId = null)
+ public function processResponse($requestId = null, $payload =[])
 {
 $this->_errors = array();
 $this->_errorReason = null;
- if (isset($_POST['SAMLResponse'])) {
+ if (isset($payload['SAMLResponse'])) {
 // AuthnResponse -- HTTP_POST Binding
- $response = new OneLogin_Saml2_Response($this->_settings, $_POST['SAMLResponse']);
+ $response = new OneLogin_Saml2_Response($this->_settings, $payload['SAMLResponse']);
 $this->_lastResponse = $response->getXMLDocument();
 
 if ($response->isValid($requestId)) {

From 4bdfdd63c4849cca27febb582ed0855bd03c82bb Mon Sep 17 00:00:00 2001
From: Hidde Schultze
Date: Sun, 5 Nov 2023 21:58:52 +0100
Subject: [PATCH 2/3] Remove $_GET dep

---
 lib/Saml2/Auth.php | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/lib/Saml2/Auth.php b/lib/Saml2/Auth.php
index 427b9de3..12b03357 100644
--- a/lib/Saml2/Auth.php
+++ b/lib/Saml2/Auth.php
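Review bot: The new `$payload` parameter of `processResponse` is undocumented; the docblock whose tail (`* @throws ...`) opens this hunk has no `@param` for it, and its head lies outside the hunk. Add `@param array $payload Request parameters; 'SAMLResponse' is read from this array instead of from $_POST` next to the existing parameter documentation. Note also that with the `[]` default an argument-less `processResponse()` no longer sees a posted SAMLResponse at all, which is a behaviour change for every existing caller; PATCH 3/3 in this series reinstates a `$_POST` fallback, so the two commits are best read together. The function body continues past the end of the hunk.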
@@ -249,12 +249,13 @@ public function processResponse($requestId = null, $payload =[])
 *
 * @throws OneLogin_Saml2_Error
 */
- public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false)
+ public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false, $payload = null)
 {
 $this->_errors = array();
 $this->_errorReason = null;
- if (isset($_GET['SAMLResponse'])) {
- $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $_GET['SAMLResponse']);
+ $payload = $payload ?: $_GET;
+ if (isset($payload['SAMLResponse'])) {
+ $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $payload['SAMLResponse']);
 $this->_lastResponse = $logoutResponse->getXML();
 if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
 $this->_errors[] = 'invalid_logout_response';
@@ -271,8 +272,8 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 }
 }
 }
- } else if (isset($_GET['SAMLRequest'])) {
- $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $_GET['SAMLRequest']);
+ } else if (isset($payload['SAMLRequest'])) {
+ $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $payload['SAMLRequest']);
 $this->_lastRequest = $logoutRequest->getXML();
 if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
 $this->_errors[] = 'invalid_logout_request';
@@ -294,8 +295,8 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 $logoutResponse = $responseBuilder->getResponse();
 
 $parameters = array('SAMLResponse' => $logoutResponse);
- if (isset($_GET['RelayState'])) {
- $parameters['RelayState'] = $_GET['RelayState'];
+ if (isset($payload['RelayState'])) {
+ $parameters['RelayState'] = $payload['RelayState'];
 }
 
 $security = $this->_settings->getSecurityData();
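Review bot: `$payload = $payload ?: $_GET;` in the first hunk of this patch (`@@ -249`) tests truthiness rather than absence, so a caller that deliberately passes an empty array still has the live `$_GET` superglobal processed, which defeats the decoupling the commit is after and makes any test that passes `[]` read ambient request state. Fall back only when the argument was omitted, `if ($payload === null) { $payload = $_GET; }`; the same pattern appears in `redirectTo` (`@@ -328`, with `$_REQUEST`) and in PATCH 3/3's `processResponse` (`@@ -201`, with `$_POST`). Nothing checks that a supplied `$payload` is an array before `isset($payload['SAMLResponse'])` is evaluated on it. Separately, the `isValid($requestId, $retrieveParametersFromServer)` and `isValid($retrieveParametersFromServer)` calls are unchanged and receive no `$payload`; if those methods still read `Signature`/`SigAlg` from the request superglobals (not visible here), a caller-supplied `$payload` means the message being processed and the signature being verified can come from different sources, which should be confirmed before merging. `processSLO` begins in this hunk and continues past the last hunk of this patch.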
@@ -305,7 +306,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 $parameters['Signature'] = $signature;
 }
 
- return $this->redirectTo($this->getSLOResponseUrl(), $parameters, $stay);
+ return $this->redirectTo($this->getSLOResponseUrl(), $parameters, $stay, $payload);
 }
 } else {
 $this->_errors[] = 'invalid_binding';
@@ -328,13 +329,14 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 *
 * @throws OneLogin_Saml2_Error
 */
- public function redirectTo($url = '', $parameters = array(), $stay = false)
+ public function redirectTo($url = '', $parameters = array(), $stay = false, $payload = null)
 {
 assert('is_string($url)');
 assert('is_array($parameters)');
 
- if (empty($url) && isset($_REQUEST['RelayState'])) {
- $url = $_REQUEST['RelayState'];
+ $payload = $payload ?: $_REQUEST;
+ if (empty($url) && isset($payload['RelayState'])) {
+ $url = $payload['RelayState'];
 }
 
 return OneLogin_Saml2_Utils::redirect($url, $parameters, $stay);

From d1fa7bd0a4d49785c62321cb640006dcfdacf748 Mon Sep 17 00:00:00 2001
From: Hidde Schultze
Date: Sun, 5 Nov 2023 21:59:07 +0100
Subject: [PATCH 3/3] Remove $_GET dep

---
 lib/Saml2/Auth.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/Saml2/Auth.php b/lib/Saml2/Auth.php
index 12b03357..b71eb2ef 100644
--- a/lib/Saml2/Auth.php
+++ b/lib/Saml2/Auth.php
@@ -201,10 +201,11 @@ public function setSchemasPath($path)
 * @throws OneLogin_Saml2_Error
 * @throws OneLogin_Saml2_ValidationError
 */
- public function processResponse($requestId = null, $payload =[])
+ public function processResponse($requestId = null, $payload = null)
 {
 $this->_errors = array();
 $this->_errorReason = null;
+ $payload = $payload ?: $_POST;
 if (isset($payload['SAMLResponse'])) {
 // AuthnResponse -- HTTP_POST Binding
 $response = new OneLogin_Saml2_Response($this->_settings, $payload['SAMLResponse']);
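Review bot: In `redirectTo` (`@@ -328`) the new `$payload` argument bypasses the two existing `assert(...)` guards, so a non-array value reaches `isset($payload['RelayState'])` unchecked while `$url` and `$parameters` are still asserted; add `assert('is_array($payload)');` directly after the fallback assignment so the three parameters are treated alike. The docblock, whose head is outside the hunk, should also gain `@param array|null $payload Request parameters; RelayState is taken from it when $url is empty (defaults to $_REQUEST)`. Since a RelayState read from `$payload` becomes the redirect target, whatever URL validation `OneLogin_Saml2_Utils::redirect` applies (not visible here) is the only guard on this path for caller-supplied payloads too, and that is worth confirming. The preceding hunk (`@@ -305`) now forwards `processSLO`'s `$payload` into this method, so the same observations apply to that call.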