Add an extra filter to the url to be used on redirection

pitbulk · pitbulk · commit 0e6ee4f12ec7 · 2017-10-18T17:17:17.000+02:00
diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
@@ -253,7 +253,7 @@ public static function redirect($url, $parameters = array(), $stay = false)
         }
 
         /* Verify that the URL is to a http or https site. */
-        if (!preg_match('@^https?://@i', $url)) {
+        if (!preg_match('@^https?://@i', $url) || empty($url = filter_var($url, FILTER_VALIDATE_URL))) {
             throw new OneLogin_Saml2_Error(
                 'Redirect to invalid URL: ' . $url,
                 OneLogin_Saml2_Error::REDIRECT_INVALID_URL

Original file line number	Diff line number	Diff line change
`@@ -253,7 +253,7 @@ public static function redirect($url, $parameters = array(), $stay = false)`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`/* Verify that the URL is to a http or https site. */`
`256`		`- if (!preg_match('@^https?://@i', $url)) {`
	`256`	`+ if (!preg_match('@^https?://@i', $url) \|\| empty($url = filter_var($url, FILTER_VALIDATE_URL))) {`
`257`	`257`	`throw new OneLogin_Saml2_Error(`
`258`	`258`	`'Redirect to invalid URL: ' . $url,`
`259`	`259`	`OneLogin_Saml2_Error::REDIRECT_INVALID_URL`