Wrong third parameters for the getSelfRoutedURLNoQuery in Utils.php #467
Comments
This method tries to get a substring from selfRoutedURLNoQuery if a ? appears. If you have
then it calculates the position of ?, and then gets the substring before the ?, so
Can you add a debug at this method and print before and after the line of the
what values $pos and $selfRoutedURLNoQuery have?

Indeed I have a URI like myproject.com/app/saml/acs?xxxxx.

Thanks for reporting this.

Thanks @pitbulk for this fix. Could it be added to v3 too?

It is at 3.6.1 branch already: https://github.com/onelogin/php-saml/commits/3.6.1

@pitbulk we're impacted by this issue too, when do you see 3.6.1 being available as a release?

Versions 2.19.1, 3.6.1 and 4.0.0 released today. Let me know if you experience any issues.

Amazing, thank you!

Hello,
I'm facing a bug in Utils.php.
The code:
$pos = strpos($selfRoutedURLNoQuery, "?");
if ($pos !== false) {
    $selfRoutedURLNoQuery = substr($selfRoutedURLNoQuery, 0, $pos-1);
}
I'm using this bundle on an Nginx web server routing 2 Symfony applications.
On my first app I log my users in with SSO and the remote IDP returns to the URL I defined => myproject.com/app/saml/acs.
The return request goes through the function getSelfRoutedURLNoQuery, and at line 645 the function checks if there is a "?" in the request (which, with my NGINX conf, there is).
But if a "?" is found, the route goes through substr, and on my side there is a mistake with the third parameter $pos-1, which removes one char before the ?. So instead of having a route like myproject.com/app/saml/acs I have a route like this: myproject.com/app/saml/ac
In my opinion it is a bug and someone should fix it to
$selfRoutedURLNoQuery = substr($selfRoutedURLNoQuery, 0, $pos);
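
The off-by-one described in this report, next to the proposed correction, as an added example that is not part of the original issue or the project's code. The function names and the `https://` URLs are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not php-saml's API.

// Behaviour quoted in the report: a length of $pos - 1 also drops the
// character immediately before '?'.
function stripQueryReported(string $url): string
{
    $pos = strpos($url, "?");
    if ($pos !== false) {
        $url = substr($url, 0, $pos - 1);
    }
    return $url;
}

// Behaviour proposed in the report: a length of $pos keeps everything
// before '?', because strpos() returns a zero-based offset.
function stripQueryProposed(string $url): string
{
    $pos = strpos($url, "?");
    if ($pos !== false) {
        $url = substr($url, 0, $pos);
    }
    return $url;
}

// Constructed inputs => the URL expected once the query string is removed.
$cases = [
    "https://myproject.com/app/saml/acs?xxxxx" => "https://myproject.com/app/saml/acs",
    "https://myproject.com/app/saml/acs?"      => "https://myproject.com/app/saml/acs",
    "https://myproject.com/app/saml/acs"       => "https://myproject.com/app/saml/acs",
];

foreach ($cases as $input => $expected) {
    $reported = stripQueryReported($input);
    $proposed = stripQueryProposed($input);
    printf(
        "%-42s reported: %-28s proposed: %s\n",
        $input,
        $reported === $expected ? "ok" : "WRONG ($reported)",
        $proposed === $expected ? "ok" : "WRONG ($proposed)"
    );
}
```

The third case has no "?" and passes through both variants unchanged, which is why the truncation only shows up behind a server configuration that appends a query string to the request.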