mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-04 10:03:42 +02:00
make testEncodedObjectGUID more robust against false positives
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
parent
b05f6f9589
commit
9672ed6ca5
|
@ -702,6 +702,11 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public function testEncodedObjectGUID(string $uid): string {
|
public function testEncodedObjectGUID(string $uid): string {
|
||||||
|
if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) {
|
||||||
|
// certainly not encoded
|
||||||
|
return $uid;
|
||||||
|
}
|
||||||
|
|
||||||
$candidate = base64_decode($uid, false);
|
$candidate = base64_decode($uid, false);
|
||||||
if($candidate === false) {
|
if($candidate === false) {
|
||||||
return $uid;
|
return $uid;
|
||||||
|
|
|
@ -289,6 +289,8 @@ class UserBackendTest extends TestCase {
|
||||||
['EDE70D16-B9D5-4E9A-ABD7-614D17246E3F', 'EDE70D16-B9D5-4E9A-ABD7-614D17246E3F'],
|
['EDE70D16-B9D5-4E9A-ABD7-614D17246E3F', 'EDE70D16-B9D5-4E9A-ABD7-614D17246E3F'],
|
||||||
['Tm8gY29udmVyc2lvbgo=', 'Tm8gY29udmVyc2lvbgo='],
|
['Tm8gY29udmVyc2lvbgo=', 'Tm8gY29udmVyc2lvbgo='],
|
||||||
['ASfjU2OYEd69ZgAVF4pePA==', '53E32701-9863-DE11-BD66-0015178A5E3C'],
|
['ASfjU2OYEd69ZgAVF4pePA==', '53E32701-9863-DE11-BD66-0015178A5E3C'],
|
||||||
|
['aaabbbcc@aa.bbbccdd.eee.ff', 'aaabbbcc@aa.bbbccdd.eee.ff'],
|
||||||
|
['aaabbbcccaa.bbbccdddeee', 'aaabbbcccaa.bbbccdddeee']
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue