Fix #286. Change Fatal Error to Exception on getID methods of LogoutRequest and LogoutResponse

Author: pitbulk

src/Saml2/LogoutRequest.php

@@ -172,6 +172,8 @@ public function getRequest($deflate = null)
      * @param string|DOMDocument $request Logout Request Message
      *
      * @return string ID
+     *
+     * @throws OneLogin_Saml2_Error
      */
     public static function getID($request)
     {
@@ -182,6 +184,14 @@ public static function getID($request)
             $dom = Utils::loadXML($dom, $request);
         }
 
+
+        if (false === $dom) {
+            throw new Error(
+                "LogoutRequest could not be processed",
+                Error::SAML_LOGOUTREQUEST_INVALID
+            );
+        }
+
         $id = $dom->documentElement->getAttribute('ID');
         return $id;
     }

src/Saml2/LogoutResponse.php

@@ -86,6 +86,13 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $response = null
             $this->document = new DOMDocument();
             $this->document = Utils::loadXML($this->document, $this->_logoutResponse);
 
+            if (false === $this->document) {
+                throw new Error(
+                    "LogoutResponse could not be processed",
+                    Error::SAML_LOGOUTRESPONSE_INVALID
+                );
+            }
+
             if ($this->document->documentElement->hasAttribute('ID')) {
                 $this->id = $this->document->documentElement->getAttribute('ID');
             }

tests/src/OneLogin/Saml2/LogoutRequestTest.php

@@ -875,4 +875,22 @@ public function testGetID()
         $id2 = $logoutRequestProcessed->id;
         $this->assertEquals($id1, $id2);
     }
+
+    /**
+     * Tests that the LogoutRequest throws an exception
+     *
+     * @covers OneLogin\Saml2\LogoutRequest::getID()
+     *
+     * @expectedException OneLogin\Saml2\Error
+     * @expectedExceptionMessage LogoutRequest could not be processed
+     */
+    public function testGetIDException()
+    {
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings1.php';
+        $settings = new Settings($settingsInfo);
+        $logoutRequest = new LogoutRequest($settings);
+        $xml = $logoutRequest->getXML();
+        $id1 = LogoutRequest::getID($xml.'<garbage>');
+    }
 }

tests/src/OneLogin/Saml2/LogoutResponseTest.php

@@ -543,4 +543,20 @@ public function testGetID()
         $id2 = $processedLogoutResponse->getID();
         $this->assertEquals($id1, $id2);
     }
+
+    /**
+     * Tests that the LogoutRequest throws an exception
+     *
+     * @covers OneLogin\Saml2\LogoutRequest::getID()
+     *
+     * @expectedException OneLogin\Saml2\Error
+     * @expectedExceptionMessage LogoutResponse could not be processed
+     */
+    public function testGetIDException()
+    {
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings1.php';
+        $settings = new Settings($settingsInfo);
+        $logoutResponse = new LogoutResponse($settings, '<garbage>');
+    }
 }