1 | <?php |
||
2 | |||
3 | use SimpleSAML\Error; |
||
0 ignored issues
–
show
|
|||
4 | use SimpleSAML\Module\aggregator2\Aggregator; |
||
5 | use SimpleSAML\Utils; |
||
6 | |||
7 | if (!isset($_REQUEST['id'])) { |
||
8 | throw new Error\BadRequest('Missing required parameter "id".'); |
||
9 | } |
||
10 | $id = strval($_REQUEST['id']); |
||
11 | |||
12 | $set = null; |
||
13 | if (isset($_REQUEST['set'])) { |
||
14 | $set = explode(',', $_REQUEST['set']); |
||
15 | } |
||
16 | |||
17 | $excluded_entities = null; |
||
18 | if (isset($_REQUEST['exclude'])) { |
||
19 | $excluded_entities = explode(',', $_REQUEST['exclude']); |
||
20 | } |
||
21 | |||
22 | $aggregator = Aggregator::getAggregator($id); |
||
23 | $aggregator->setFilters($set); |
||
24 | $aggregator->excludeEntities($excluded_entities); |
||
25 | $xml = $aggregator->getMetadata(); |
||
26 | |||
27 | $mimetype = 'application/samlmetadata+xml'; |
||
28 | $allowedmimetypes = [ |
||
29 | 'text/plain', |
||
30 | 'application/samlmetadata-xml', |
||
31 | 'application/xml', |
||
32 | ]; |
||
33 | |||
34 | if (isset($_GET['mimetype']) && in_array($_GET['mimetype'], $allowedmimetypes)) { |
||
35 | $mimetype = $_GET['mimetype']; |
||
36 | } |
||
37 | |||
38 | if ($mimetype === 'text/plain') { |
||
39 | $xml = Utils\XML::formatXMLString($xml); |
||
40 | } |
||
41 | |||
42 | header('Content-Type: ' . $mimetype); |
||
43 | header('Content-Length: ' . strlen($xml)); |
||
44 | |||
45 | /* |
||
46 | * At this point, if the ID was forged, getMetadata() would |
||
47 | * have failed to find a valid metadata set, so we can trust it. |
||
48 | */ |
||
49 | header('Content-Disposition: filename=' . $id . '.xml'); |
||
50 | |||
51 | echo $xml; |
||
52 |
Let?s assume that you have a directory layout like this:
and let?s assume the following content of
Bar.php
:If both files
OtherDir/Foo.php
andSomeDir/Foo.php
are loaded in the same runtime, you will see a PHP error such as the following:PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php
However, as
OtherDir/Foo.php
does not necessarily have to be loaded and the error is only triggered if it is loaded beforeOtherDir/Bar.php
, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: