1 | <?php |
||
2 | |||
3 | use SimpleSAML\Error; |
||
4 | use SimpleSAML\Module\aggregator2\Aggregator; |
||
0 ignored issues
–
show
|
|||
5 | use SimpleSAML\Utils; |
||
6 | |||
7 | if (!isset($_REQUEST['id'])) { |
||
8 | throw new Error\BadRequest('Missing required parameter "id".'); |
||
9 | } |
||
10 | $id = strval($_REQUEST['id']); |
||
11 | |||
12 | $set = null; |
||
13 | if (isset($_REQUEST['set'])) { |
||
14 | $set = explode(',', $_REQUEST['set']); |
||
15 | } |
||
16 | |||
17 | $excluded_entities = null; |
||
18 | if (isset($_REQUEST['exclude'])) { |
||
19 | $excluded_entities = explode(',', $_REQUEST['exclude']); |
||
20 | } |
||
21 | |||
22 | $aggregator = Aggregator::getAggregator($id); |
||
23 | $aggregator->setFilters($set); |
||
24 | $aggregator->excludeEntities($excluded_entities); |
||
25 | $xml = $aggregator->getMetadata(); |
||
26 | |||
27 | $mimetype = 'application/samlmetadata+xml'; |
||
28 | $allowedmimetypes = [ |
||
29 | 'text/plain', |
||
30 | 'application/samlmetadata-xml', |
||
31 | 'application/xml', |
||
32 | ]; |
||
33 | |||
34 | if (isset($_GET['mimetype']) && in_array($_GET['mimetype'], $allowedmimetypes)) { |
||
35 | $mimetype = $_GET['mimetype']; |
||
36 | } |
||
37 | |||
38 | if ($mimetype === 'text/plain') { |
||
39 | $xmlUtils = new Utils\XML(); |
||
40 | $xml = $xmlUtils->formatXMLString($xml); |
||
41 | } |
||
42 | |||
43 | header('Content-Type: ' . $mimetype); |
||
44 | header('Content-Length: ' . strlen($xml)); |
||
45 | |||
46 | /* |
||
47 | * At this point, if the ID was forged, getMetadata() would |
||
48 | * have failed to find a valid metadata set, so we can trust it. |
||
49 | */ |
||
50 | header('Content-Disposition: filename=' . $id . '.xml'); |
||
51 | |||
52 | echo $xml; |
||
53 |
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths