From 2f58c21ae20901b018cf5ce65917313d09f56989 Mon Sep 17 00:00:00 2001
From: Rick
Date: Thu, 6 May 2021 16:01:37 +0200
Subject: [PATCH 1/2] Encode sso and slo url in request xml
---
 lib/Saml2/AuthnRequest.php | 2 +-
 lib/Saml2/LogoutRequest.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/Saml2/AuthnRequest.php b/lib/Saml2/AuthnRequest.php
index c112a400..86fbe494 100644
--- a/lib/Saml2/AuthnRequest.php
+++ b/lib/Saml2/AuthnRequest.php
@@ -133,7 +133,7 @@ public function __construct(OneLogin_Saml2_Settings $settings, $forceAuthn = fal
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
 $acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES);
- $destination = $this->_settings->getIdPSSOUrl();
+ $destination = htmlspecialchars($this->_settings->getIdPSSOUrl(), ENT_QUOTES);
 $request = <<{$sessionIndex}" : "";
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
- $destination = $this->_settings->getIdPSLOUrl();
+ $destination = htmlspecialchars($this->_settings->getIdPSLOUrl(), ENT_QUOTES);
 $logoutRequest = <<
Date: Tue, 11 May 2021 08:04:19 +0200
Subject: [PATCH 2/2] Encode slo url in logout response xml
---
 lib/Saml2/LogoutResponse.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Saml2/LogoutResponse.php b/lib/Saml2/LogoutResponse.php
index 21c1adad..4a64705b 100644
--- a/lib/Saml2/LogoutResponse.php
+++ b/lib/Saml2/LogoutResponse.php
@@ -240,7 +240,7 @@ public function build($inResponseTo)
 $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
- $destination = $this->_settings->getIdPSLOResponseUrl();
+ $destination = htmlspecialchars($this->_settings->getIdPSLOResponseUrl(), ENT_QUOTES);
 $logoutResponse = <<
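Review bot: The new `htmlspecialchars($this->_settings->getIdPSSOUrl(), ENT_QUOTES)` in the AuthnRequest constructor returns an empty string when its input is not valid in the default charset, because `ENT_SUBSTITUTE` is not set, so a malformed SSO URL in the settings would silently yield an empty `$destination` rather than an error. The same holds for the `getIdPSLOUrl()` line in LogoutRequest.php and the `getIdPSLOResponseUrl()` line in LogoutResponse.php. Either pass `ENT_QUOTES | ENT_SUBSTITUTE` or reject such a URL when the settings are validated; if any of these getters can return null when the endpoint is not configured (not visible here), that case deserves an explicit check too. The heredoc templates that consume `$destination` are cut off in this view, and the diffstat shows no test change, so a test that builds each message with an `&` in the URL and parses the result as XML would pin the fix.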