From f235272e94c4a514ded9cd8b5d0b628806a1e8ac Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Fri, 10 Dec 2010 01:01:12 +0000 Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-322 --- schemas/shibboleth-2.0-native-sp-config.xsd | 1 + shibsp/ServiceProvider.cpp | 42 +++++++++++++++++++---------- 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd index 7c39b8e..a36efe3 100644 --- a/schemas/shibboleth-2.0-native-sp-config.xsd +++ b/schemas/shibboleth-2.0-native-sp-config.xsd @@ -245,6 +245,7 @@ + diff --git a/shibsp/ServiceProvider.cpp b/shibsp/ServiceProvider.cpp index b358948..8c5131d 100644 --- a/shibsp/ServiceProvider.cpp +++ b/shibsp/ServiceProvider.cpp @@ -439,6 +439,12 @@ pair ServiceProvider::doExport(SPRequest& request, bool requireSessio return make_pair(false,0L); // just bail silently } + pair enc = settings.first->getString("encoding"); + if (enc.first && strcmp(enc.second, "URL")) + throw ConfigurationException("Unsupported value for 'encoding' content setting ($1).", params(1,enc.second)); + + const URLEncoder* encoder = XMLToolingConfig::getConfig().getURLEncoder(); + app->setHeader(request, "Shib-Application-ID", app->getId()); app->setHeader(request, "Shib-Session-ID", session->getID()); @@ -469,7 +475,6 @@ pair ServiceProvider::doExport(SPRequest& request, bool requireSessio if (!exportLocation.first) log.warn("can't export assertions without an exportLocation Sessions property"); else { - const URLEncoder* encoder = XMLToolingConfig::getConfig().getURLEncoder(); string exportName = "Shib-Assertion-00"; string baseURL; if (!strncmp(exportLocation.second, "http", 4)) 
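Review bot: The `encoding` value is validated with a case-sensitive `strcmp` inside the per-request export path (the first ServiceProvider.cpp hunk), so a misspelled or differently cased value surfaces as a ConfigurationException on each request that reaches this point rather than when the configuration is loaded. The schema line added by this commit is not readable here, so it is unclear whether the attribute is already restricted to the supported value; if it is not, rejecting it at load time would fail earlier and more visibly. A short comment above the lookup would also help the next reader, for example `// Optional content setting: if present it must be "URL"; if absent, values are exported unencoded.` The body of doExport starts and ends outside the hunk.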
@@ -500,18 +505,24 @@ pair ServiceProvider::doExport(SPRequest& request, bool requireSessio for (vector::const_iterator v = vals.begin(); v!=vals.end(); ++v) { if (!header.empty()) header += ";"; - string::size_type pos = v->find_first_of(';',string::size_type(0)); - if (pos!=string::npos) { - string value(*v); - for (; pos != string::npos; pos = value.find_first_of(';',pos)) { - value.insert(pos, "\\"); - pos += 2; - } - header += value; - } - else { - header += (*v); - } + if (enc.first) { + // If URL-encoding, any semicolons will get escaped anyway. + header += encoder->encode(v->c_str()); + } + else { + string::size_type pos = v->find_first_of(';',string::size_type(0)); + if (pos!=string::npos) { + string value(*v); + for (; pos != string::npos; pos = value.find_first_of(';',pos)) { + value.insert(pos, "\\"); + pos += 2; + } + header += value; + } + else { + header += (*v); + } + } } app->setHeader(request, a->first.c_str(), header.c_str()); } @@ -525,7 +536,10 @@ pair ServiceProvider::doExport(SPRequest& request, bool requireSessio for (; matches.first != matches.second; ++matches.first) { const vector& vals = matches.first->second->getSerializedValues(); if (!vals.empty()) { - request.setRemoteUser(vals.front().c_str()); + if (enc.first) + request.setRemoteUser(encoder->encode(vals.front().c_str()).c_str()); + else + request.setRemoteUser(vals.front().c_str()); remoteUserSet = true; break; } -- 2.1.4
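Review bot: In the `if (enc.first)` branch each value is encoded on its own and the values are then joined with a literal `;`, so a consumer has to split the header on `;` before decoding. Decoding first would turn an encoded semicolon inside a value back into a character indistinguishable from the separator. The existing comment could state that contract directly, e.g. `// Each value is URL-encoded separately; consumers must split on ';' first, then decode.` In the unencoded branch a backslash inside a value is passed through unchanged, so a value ending in `\` followed by the separator reads the same as an escaped semicolon. That ambiguity is carried over from the old code, but it is worth a comment for anyone parsing these headers. The enclosing loop and function extend beyond the hunk.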
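Review bot: With `encoding` set, the last hunk stores REMOTE_USER in encoded form, so any downstream comparison against the literal identifier (access rules, account lookups in the application) sees a different string whenever the value contains characters the encoder escapes. A comment at the `setRemoteUser` call should state that expectation, e.g. `// REMOTE_USER is URL-encoded when 'encoding' is set; consumers must decode before matching.` As a style point, the two branches could build the value into one local string first and call `setRemoteUser` once. The surrounding loop starts outside the hunk.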