
修订版be47dbcf9b3d32a89f4ae313ea1c8bedae3ce329 (tree)
时间2017-07-09 15:25:27
作者umorigu <umorigu@gmai...>
Commiterumorigu

Log Message

BugTrackj/2411 Parse '?//key1.value2//key2.value2' type querystring



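--- a/lib/init.php
+++ b/lib/init.php
@@ -329,6 +329,36 @@ if (empty($_POST)) {
 $vars = array_merge($_GET, $_POST); // Considered reliable than $_REQUEST
 }
 
+/**
+ * Parse specified format query_string as params.
+ *
+ * For example: ?//key1.value2//key2.value2
+ */
+function parse_query_string_ext($query_string) {
+$vars = array();
+$m = null;
+if (preg_match('#^//[^&]*#', $query_string, $m)) {
+pkwk_log("__" . $m[0] . "__");
+foreach (explode('//', $m[0]) as $item) {
+if ($sp[0]) {
+if (isset($sp[1])) {
+$vars[$sp[0]] = $sp[1];
+} else {
+$vars[$sp[0]] = '';
+}
+}
+}
+}
+return $vars;
+}
+
+if (isset($g_query_string) && $g_query_string) {
+if (substr($qs, 0, 2) === '//') {
+// Parse ?//key.value//key.value format query string
+array_merge($vars, parse_query_string_ext($g_query_string));
+}
+}
+
 // 入力チェック: 'cmd=' and 'plugin=' can't live together
 if (isset($vars['cmd']) && isset($vars['plugin']))
 die('Using both cmd= and plugin= is not allowed');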
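Review bot: parse_query_string_ext never splits `$item`, so `$sp` is undefined at `if ($sp[0])` and no key/value pair is ever produced; the loop needs `$sp = explode('.', $item, 2);` before that check. The caller has the same shape of problem: it tests `substr($qs, 0, 2)` where `$qs` is not defined anywhere in the hunk (presumably `$g_query_string`, which itself is set outside this hunk, was meant), and the result of `array_merge($vars, ...)` is discarded, so the line should read `$vars = array_merge($vars, parse_query_string_ext($g_query_string));`. Once this works, note that array_merge lets a `//cmd.x` or `//plugin.x` segment silently override the same key sent in `$_GET`/`$_POST`, and the values lifted from the `//` form are never urldecoded; decide whether the extended form should win, and document it, since the cmd/plugin exclusivity check below is the only guard. The `pkwk_log("__" . $m[0] . "__")` call writes the raw query string to the log on every request and looks like leftover debugging.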
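--- /dev/null
+++ b/plugin/saml.inc.php
@@ -0,0 +1,121 @@
+<?php
+// PukiWiki - Yet another WikiWikiWeb clone.
+// saml.inc.php
+// Copyright
+// 2017 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
+//
+// PukiWiki SAML Plugin
+
+require 'vendor/autoload.php';
+require_once 'vendor/onelogin/php-saml/_toolkit_loader.php';
+
+define('PLUGIN_SAML_AUTHUSER_ID_ATTR', 'UserId');
+define('PLUGIN_SAML_AUTHUSER_DISPLAYNAME_ATTR', 'DisplayName');
+
+/**
+ * SAML Handler
+ */
+function plugin_saml_action() {
+global $vars;
+require_once 'saml_settings.php';
+
+pkwk_log("vars:");
+pkwk_log(print_r($vars, true));
+
+$auth = new OneLogin_Saml2_Auth($settingsInfo);
+
+if (isset($vars['sso'])) {
+// sso: Sign in endpoint before IdP
+$url_after_login = $vars['url_after_login'];
+$auth->login($url_after_login);
+} else if (isset($vars['slo'])) {
+// sso: Sign out endpoint before IdP
+$returnTo = null;
+$paramters = array();
+$nameId = null;
+$sessionIndex = null;
+if (isset($_SESSION['samlNameId'])) {
+$nameId = $_SESSION['samlNameId'];
+}
+if (isset($_SESSION['samlSessionIndex'])) {
+$sessionIndex = $_SESSION['samlSessionIndex'];
+}
+$auth->logout($returnTo, $paramters, $nameId, $sessionIndex);
+} else if (isset($vars['acs'])) {
+// acs: Sign in endpoint after IdP
+$auth->processResponse();
+pkwk_log('AAA');
+
+$errors = $auth->getErrors();
+
+if (!empty($errors)) {
+return array('msg' => 'SAML Error', print_r('<p>'.implode(', ', $errors).'</p>'));
+}
+
+if (!$auth->isAuthenticated()) {
+return array('msg' => 'SAML sign in', 'body' => '<p>Not authenticated</p>');
+}
+$attrs = $auth->getAttributes();
+$_SESSION['samlUserdata'] = $attrs;
+$_SESSION['samlNameId'] = $auth->getNameId();
+$_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
+if (isset($attrs[PLUGIN_SAML_AUTHUSER_ID_ATTR])) {
+// PukiWiki ExternalAuth requirement
+$_SESSION['authenticated_user'] = $attrs[PLUGIN_SAML_AUTHUSER_ID_ATTR];
+}
+if (isset($attrs[PLUGIN_SAML_AUTHUSER_DISPLAYNAME_ATTR])) {
+// PukiWiki ExternalAuth requirement
+$_SESSION['authenticated_user_fullname'] = $attrs[PLUGIN_SAML_AUTHUSER_DISPLAYNAME_ATTR];
+}
+
+if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
+pkwk_log("CCC'". $_POST['RelayState'] . "'");
+$auth->redirectTo($_POST['RelayState']);
+}
+pkwk_log("wwwq");
+return array('msg' => 'SAML sign in', 'body' => 'SAML Sined in. but no redirection');
+} else if (isset($vars['sls'])) {
+// sls: Sign out endpoint after IdP
+// onelone/php-saml only supports Redirect SingleLogout
+$is_post = $_SERVER['REQUEST_METHOD'] === 'POST';
+pkwk_log("AA;");
+if ($is_post) {
+pkwk_log("BB;");
+session_destroy();
+$_SESSION = array();
+} else {
+pkwk_log("CC;");
+$auth->processSLO();
+$errors = $auth->getErrors();
+$msg = '';
+if (empty($errors)) {
+$msg .= '<p>Sucessfully logged out</p>';
+} else {
+$msg .= '<p>'.implode(', ', $errors).'</p>';
+}
+}
+return array('msg' => 'SAML sign out', 'body' => 'SAML Sined out. ' . $msg);
+} else if (isset($vars['metadata'])) {
+// metadata: SP metadata endpoint
+try {
+$auth = new OneLogin_Saml2_Auth($settingsInfo);
+$settings = $auth->getSettings();
+$metadata = $settings->getSPMetadata();
+$errors = $settings->validateMetadata($metadata);
+if (empty($errors)) {
+header('Content-Type: text/xml');
+echo $metadata;
+} else {
+throw new OneLogin_Saml2_Error(
+'Invalid SP metadata: '.implode(', ', $errors),
+OneLogin_Saml2_Error::METADATA_SP_INVALID
+);
+}
+} catch (Exception $e) {
+echo $e->getMessage();
+}
+exit;
+}
+return array('msg' => 'Error', 'body' => 'SAML Invalid state srror');
+}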
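Review bot: The acs branch redirects to `$_POST['RelayState']` after checking only that it differs from the SP's own URL; RelayState is not covered by the assertion signature, and the sso branch passes `$vars['url_after_login']` straight into `$auth->login()`, so a login link with an attacker-chosen `url_after_login` turns the ACS endpoint into an open redirect for freshly authenticated users. Restrict the redirect to the wiki's own origin before calling `redirectTo`, for example by comparing the scheme and host of RelayState with those of `OneLogin_Saml2_Utils::getSelfURL()` as below (accept a null host only if relative RelayStates are expected, which I cannot tell from here). The same branch stores `authenticated_user` into a session that existed before authentication without calling `session_regenerate_id(true)` first, leaving it open to session fixation; add that call immediately before `$_SESSION['samlUserdata'] = $attrs;`. Separately, the error return `array('msg' => 'SAML Error', print_r('<p>'.implode(', ', $errors).'</p>'))` echoes the errors directly (print_r without its second argument) and never sets a `body` key; it should be `array('msg' => 'SAML Error', 'body' => '<p>' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8') . '</p>')`, and the sls branch should escape its `$errors` the same way. The `pkwk_log(print_r($vars, true))` line writes the full SAMLResponse into the log on every ACS request and, together with the `AAA`/`BB;`/`wwwq` log lines, looks like leftover debugging.
```php
if (isset($_POST['RelayState'])) {
    $relay = $_POST['RelayState'];
    $self = OneLogin_Saml2_Utils::getSelfURL();
    // RelayState is attacker-choosable and unsigned: only follow it back to this wiki
    $sameOrigin = parse_url($relay, PHP_URL_SCHEME) === parse_url($self, PHP_URL_SCHEME)
        && parse_url($relay, PHP_URL_HOST) === parse_url($self, PHP_URL_HOST);
    if ($sameOrigin && $relay !== $self) {
        $auth->redirectTo($relay);
    }
}
// … unchanged: "no redirection" return …
```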