From d3cc69449e120a577660afd477cb34e32e15d7c1 Mon Sep 17 00:00:00 2001
From: David Siegfried <david.siegfried@uni-vechta.de>
Date: Thu, 21 Sep 2023 13:53:51 +0000
Subject: [PATCH] prevent php-warnings, closes #3220
Closes #3220
Merge request studip/studip!2182
---
.../auth_plugins/StudipAuthShib.class.php | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/lib/classes/auth_plugins/StudipAuthShib.class.php b/lib/classes/auth_plugins/StudipAuthShib.class.php
index 8f31eef5237..3cba5866f3b 100644
--- a/lib/classes/auth_plugins/StudipAuthShib.class.php
+++ b/lib/classes/auth_plugins/StudipAuthShib.class.php
@@ -93,21 +93,22 @@ class StudipAuthShib extends StudipAuthSSO
return $this->getUser();
}
- $remote_user = $_SERVER[$this->env_remote_user];
-
- if (empty($remote_user)) {
- $remote_user = $_SERVER['REMOTE_USER'];
- }
+ $remote_user = $_SERVER[$this->env_remote_user] ?? $_SERVER['REMOTE_USER'] ?? '';
if (empty($remote_user) || isset($this->validate_url)) {
if (Request::get('sso') === $this->plugin_name) {
// force Shibboleth authentication (lazy session)
- $shib_url = $this->session_initiator;
- $shib_url .= strpos($shib_url, '?') === false ? '?' : '&';
- $shib_url .= 'target=' . urlencode($this->getURL());
+ $shib_url = URLHelper::getURL(
+ $this->session_initiator,
+ ['target' => $this->getURL()],
+ true
+ );
// break redirection loop in case of misconfiguration
- if (strstr($_SERVER['HTTP_REFERER'], 'target=') === false) {
+ if (
+ isset($_SERVER['HTTP_REFERER'])
+ && !str_contains($_SERVER['HTTP_REFERER'], 'target=')
+ ) {
header('Location: ' . $shib_url);
echo '<html></html>';
exit();
--
GitLab