From 54b7006826fd06e8e2bc251aaba38cccc85b3936 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 4 Nov 2009 15:13:57 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-255

---
 configure.ac                                     | 13 ++++---------
 saml/saml1/binding/impl/SAML1POSTEncoder.cpp     |  8 ++++----
 saml/saml2/binding/impl/SAML2ArtifactEncoder.cpp |  5 +++--
 saml/saml2/binding/impl/SAML2POSTEncoder.cpp     |  8 ++++----
 4 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7ad9034..fd1a766 100644
--- a/configure.ac
+++ b/configure.ac
@@ -243,15 +243,10 @@ AC_ARG_WITH(xmltooling,
 LIBS="-lxmltooling $LIBS"
 AC_CHECK_HEADER([xmltooling/XMLToolingConfig.h],,AC_MSG_ERROR([unable to find xmltooling header files]))
 AC_TRY_LINK(
-    [#include <xmltooling/XMLToolingConfig.h>
-#include <xmltooling/version.h>],
-    [#if _XMLTOOLING_VERSION >= 10200
-xmltooling::XMLToolingConfig::getConfig();
-#else
-#error Need XMLTooling version 1.2 or higher
-#endif],
-        [AC_DEFINE(HAVE_XMLTOOLING,1,[Define if xmltooling library was found])],
-        [AC_MSG_ERROR([unable to link with XMLTooling, or version was too old])])
+    [#include <xmltooling/io/HTTPResponse.h>],
+    [xmltooling::HTTPResponse::sanitizeURL("http://test")],
+    [AC_DEFINE(HAVE_XMLTOOLING,1,[Define if xmltooling library was found])],
+    [AC_MSG_ERROR([unable to link with XMLTooling, or version was too old])])
 
 # Check for unit test support
 CXXTEST="/usr/bin/cxxtestgen.pl"
diff --git a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
index 89fa3e9..94b7f16 100644
--- a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
+++ b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
@@ -108,12 +108,12 @@ long SAML1POSTEncoder::encode(
     xmltooling::NDC ndc("encode");
 #endif
     Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1POST");
+    log.debug("validating input");
 
     TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine();
-    if (!engine)
-        throw BindingException("Encoding response using POST requires a TemplateEngine instance.");
-    
-    log.debug("validating input");
+    if (!engine || !destination)
+        throw BindingException("Encoding response using POST requires a TemplateEngine instance and a destination.");
+    HTTPResponse::sanitizeURL(destination);
     if (xmlObject->getParent())
         throw BindingException("Cannot encode XML content with parent.");
     Response* response = dynamic_cast<Response*>(xmlObject);
diff --git a/saml/saml2/binding/impl/SAML2ArtifactEncoder.cpp b/saml/saml2/binding/impl/SAML2ArtifactEncoder.cpp
index 7c4d16f..80626f5 100644
--- a/saml/saml2/binding/impl/SAML2ArtifactEncoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ArtifactEncoder.cpp
@@ -114,14 +114,14 @@ long SAML2ArtifactEncoder::encode(
     xmltooling::NDC ndc("encode");
 #endif
     Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2Artifact");
-
     log.debug("validating input");
+    if (!destination)
+        throw BindingException("Encoding response requires a destination.");
     HTTPResponse* httpResponse=dynamic_cast<HTTPResponse*>(&genericResponse);
     if (!httpResponse)
         throw BindingException("Unable to cast response interface to HTTPResponse type.");
     if (relayState && strlen(relayState)>80)
         throw BindingException("RelayState cannot exceed 80 bytes in length.");
-    
     if (xmlObject->getParent())
         throw BindingException("Cannot encode XML content with parent.");
 
@@ -193,6 +193,7 @@ long SAML2ArtifactEncoder::encode(
         TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine();
         if (!engine)
             throw BindingException("Encoding artifact using POST requires a TemplateEngine instance.");
+        HTTPResponse::sanitizeURL(destination);
         ifstream infile(m_template.c_str());
         if (!infile)
             throw BindingException("Failed to open HTML template for POST response ($1).", params(1,m_template.c_str()));
diff --git a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
index f2f7714..0ae7408 100644
--- a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
+++ b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
@@ -115,12 +115,12 @@ long SAML2POSTEncoder::encode(
     xmltooling::NDC ndc("encode");
 #endif
     Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2POST");
+    log.debug("validating input");
 
     TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine();
-    if (!engine)
-        throw BindingException("Encoding message using POST requires a TemplateEngine instance.");
-    
-    log.debug("validating input");
+    if (!engine || !destination)
+        throw BindingException("Encoding message using POST requires a TemplateEngine instance and a destination.");
+    HTTPResponse::sanitizeURL(destination);
     if (xmlObject->getParent())
         throw BindingException("Cannot encode XML content with parent.");
     
-- 
2.1.4