Skip to content

Commit ce2294e

Browse files
jaimeperezjaimeperez
committed
Verify URLs before using them.
1 parent 9fee58c commit ce2294e

File tree

2 files changed

+40
-6
lines changed

2 files changed

+40
-6
lines changed

lib/SimpleSAML/Utils/HTTP.php

Lines changed: 36 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -123,6 +123,27 @@ public static function getServerPort()
123123
}
124124

125125

126+
/**
127+
* Verify that a given URL is valid.
128+
*
129+
* @param string $url The URL we want to verify.
130+
*
131+
* @return boolean True if the given URL is valid, false otherwise.
132+
*/
133+
public static function isValidURL($url)
134+
{
135+
$url = filter_var($url, FILTER_VALIDATE_URL);
136+
if ($url === false) {
137+
return false;
138+
}
139+
$scheme = parse_url($url, PHP_URL_SCHEME);
140+
if ($scheme !== false && in_array(strtolower($scheme), ['http', 'https'], true)) {
141+
return true;
142+
}
143+
return false;
144+
}
145+
146+
126147
/**
127148
* This function redirects the user to the specified address.
128149
*
@@ -141,6 +162,7 @@ public static function getServerPort()
141162
*
142163
* @return void This function never returns.
143164
* @throws \InvalidArgumentException If $url is not a string or is empty, or $parameters is not an array.
165+
* @throws \SimpleSAML\Error\Exception If $url is not a valid HTTP URL.
144166
*
145167
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
146168
* @author Mads Freek Petersen
@@ -151,6 +173,10 @@ private static function redirect($url, $parameters = [])
151173
if (!is_string($url) || empty($url) || !is_array($parameters)) {
152174
throw new \InvalidArgumentException('Invalid input parameters.');
153175
}
176+
if (!self::isValidURL($url)) {
177+
throw new Error\Exception('Invalid destination URL.');
178+
}
179+
154180
if (!empty($parameters)) {
155181
$url = self::addURLParameters($url, $parameters);
156182
}
@@ -327,7 +353,7 @@ public static function checkURLAllowed($url, array $trustedSites = null)
327353
}
328354
$url = self::normalizeURL($url);
329355

330-
if (filter_var($url, FILTER_VALIDATE_URL) === false) {
356+
if (!self::isValidURL($url)) {
331357
throw new Error\Exception('Invalid URL: '.$url);
332358
}
333359

@@ -625,7 +651,7 @@ public static function getBaseURL()
625651
*/
626652
$c = $globalConfig->toArray();
627653
$c['baseurlpath'] = self::guessBasePath();
628-
throw new \SimpleSAML\Error\CriticalConfigurationError(
654+
throw new Error\CriticalConfigurationError(
629655
'Invalid value for \'baseurlpath\' in config.php. Valid format is in the form: '.
630656
'[(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]. It must end with a \'/\'.',
631657
null,
@@ -1135,9 +1161,9 @@ public static function setCookie($name, $value, $params = null, $throw = true)
11351161
// Do not set secure cookie if not on HTTPS
11361162
if ($params['secure'] && !self::isHTTPS()) {
11371163
if ($throw) {
1138-
throw new \SimpleSAML\Error\CannotSetCookie(
1164+
throw new Error\CannotSetCookie(
11391165
'Setting secure cookie on plain HTTP is not allowed.',
1140-
\SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE
1166+
Error\CannotSetCookie::SECURE_COOKIE
11411167
);
11421168
}
11431169
Logger::warning('Error setting cookie: setting secure cookie on plain HTTP is not allowed.');
@@ -1213,9 +1239,9 @@ public static function setCookie($name, $value, $params = null, $throw = true)
12131239

12141240
if (!$success) {
12151241
if ($throw) {
1216-
throw new \SimpleSAML\Error\CannotSetCookie(
1242+
throw new Error\CannotSetCookie(
12171243
'Headers already sent.',
1218-
\SimpleSAML\Error\CannotSetCookie::HEADERS_SENT
1244+
Error\CannotSetCookie::HEADERS_SENT
12191245
);
12201246
}
12211247
Logger::warning('Error setting cookie: headers already sent.');
@@ -1232,6 +1258,7 @@ public static function setCookie($name, $value, $params = null, $throw = true)
12321258
* @param array $data An associative array with the data to be posted to $destination.
12331259
*
12341260
* @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
1261+
* @throws \SimpleSAML\Error\Exception If $destination is not a valid HTTP URL.
12351262
*
12361263
* @return void
12371264
*
@@ -1244,6 +1271,9 @@ public static function submitPOSTData($destination, $data)
12441271
if (!is_string($destination) || !is_array($data)) {
12451272
throw new \InvalidArgumentException('Invalid input parameters.');
12461273
}
1274+
if (!self::isValidURL($destination)) {
1275+
throw new Error\Exception('Invalid destination URL.');
1276+
}
12471277

12481278
$config = Configuration::getInstance();
12491279
$allowed = $config->getBoolean('enable.http_post', false);

modules/core/www/postredirect.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,10 @@
4444
assert(array_key_exists('url', $postData));
4545
assert(array_key_exists('post', $postData));
4646

47+
if (!\SimpleSAML\Utils\HTTP::isValidURL($destination)) {
48+
throw new \SimpleSAML\Error\Exception('Invalid destination URL.');
49+
}
50+
4751
$config = \SimpleSAML\Configuration::getInstance();
4852
$template = new \SimpleSAML\XHTML\Template($config, 'post.php');
4953
$template->data['destination'] = $postData['url'];

0 commit comments

Comments
 (0)