prevent php-warnings, closes #3220

Closes #3220 Merge request studip/studip!2182

prevent php-warnings, closes #3220
d3cc6944 · David Siegfried · Jan-Hendrik Willms · e2792ee8 · d3cc6944
Commit d3cc6944 authored 1 year ago by David Siegfried Committed by Jan-Hendrik Willms 1 year ago
--- a/lib/classes/auth_plugins/StudipAuthShib.class.php
+++ b/lib/classes/auth_plugins/StudipAuthShib.class.php
@@ -93,21 +93,22 @@ class StudipAuthShib extends StudipAuthSSO
            return $this->getUser();
        }
-        $remote_user = $_SERVER[$this->env_remote_user];
+        $remote_user = $_SERVER[$this->env_remote_user] ?? $_SERVER['REMOTE_USER'] ?? '';
-        if (empty($remote_user)) {
-            $remote_user = $_SERVER['REMOTE_USER'];
-        }
        if (empty($remote_user) || isset($this->validate_url)) {
            if (Request::get('sso') === $this->plugin_name) {
                // force Shibboleth authentication (lazy session)
-                $shib_url = $this->session_initiator;
+                $shib_url = URLHelper::getURL(
-                $shib_url .= strpos($shib_url, '?') === false ? '?' : '&';
+                    $this->session_initiator,
-                $shib_url .= 'target=' . urlencode($this->getURL());
+                    ['target' => $this->getURL()],
+                    true
+                );
                // break redirection loop in case of misconfiguration
-                if (strstr($_SERVER['HTTP_REFERER'], 'target=') === false) {
+                if (
+                    isset($_SERVER['HTTP_REFERER'])
+                    && !str_contains($_SERVER['HTTP_REFERER'], 'target=')
+                ) {
                    header('Location: ' . $shib_url);
                    echo '<html></html>';
                    exit();