From 77b715fe663562e073a961dd2e94409610b00d98 Mon Sep 17 00:00:00 2001 From: Michael Lynn Date: Thu, 7 Sep 2023 00:02:58 +0100 Subject: [PATCH] Fix parsing url with url in parameter --- classes/idp_parser.php | 57 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/classes/idp_parser.php b/classes/idp_parser.php index 5955d2105..9506ff507 100644 --- a/classes/idp_parser.php +++ b/classes/idp_parser.php @@ -104,6 +104,32 @@ public function parse_urls($urls) { continue; } + // @COREHACK fix-parsing-url-with-url-in-parameter. + // Separate out query strings from the URL prefix and build a line without query strings. + $start = strpos($line, "http"); + if ($start === false) { + $terms = array(); + } else { + $terms = explode(" ", substr($line, $start)); + $line = substr($line, 0, $start); + } + + $parameters = array(); + $clean = ""; + foreach ($terms as $term) { + $p = strpos($term, "?"); + if ($p >= 1) { + $parameters[] = substr($term, $p); + $left = substr($term, 0, $p); + } else { + $parameters[] = ""; + $left = $term; + } + $clean .= $left . " "; + } + $line .= trim($clean); + // END COREHACK fix-parsing-url-with-url-in-parameter. + // Separate the line base on the scheme http. The scheme added back to the urls. $parts = array_map('rtrim', explode($scheme, $line)); @@ -113,6 +139,15 @@ public function parse_urls($urls) { $idpurl = $scheme . $parts[1]; $idpicon = $scheme . $parts[2]; + // @COREHACK fix-parsing-url-with-url-in-parameter. + if ($parameters[0]) { + $idpurl .= $parameters[0]; + } + if ($parameters[1]) { + $idpicon .= $parameters[1]; + } + // END COREHACK fix-parsing-url-with-url-in-parameter. + $idpdata = new \auth_saml2\idp_data($idpname, $idpurl, $idpicon); } else if (count($parts) === 2) { @@ -124,18 +159,40 @@ public function parse_urls($urls) { $idpurl = $scheme . $parts[1]; $idpicon = $scheme . $parts[2]; + // @COREHACK fix-parsing-url-with-url-in-parameter. + if ($parameters[0]) { + $idpurl .= $parameters[0]; + } + if ($parameters[1]) { + $idpicon .= $parameters[1]; + } + // END COREHACK fix-parsing-url-with-url-in-parameter. + $idpdata = new \auth_saml2\idp_data(null, $idpurl, $idpicon); } else { // We would then know that is a IdPName + IdPURL combo. $idpname = $parts[0]; $idpurl = $scheme . $parts[1]; + // @COREHACK fix-parsing-url-with-url-in-parameter. + if ($parameters[0]) { + $idpurl .= $parameters[0]; + } + // END COREHACK fix-parsing-url-with-url-in-parameter. + $idpdata = new \auth_saml2\idp_data($idpname, $idpurl, null); } } else if (count($parts) === 1) { // One element is the previous default. $idpurl = $scheme . $parts[0]; + + // @COREHACK fix-parsing-url-with-url-in-parameter. + if ($parameters[0]) { + $idpurl .= $parameters[0]; + } + // END COREHACK fix-parsing-url-with-url-in-parameter. + $idpdata = new \auth_saml2\idp_data(null, $idpurl, null); }