MDL-53519 auth_cas: update cas to version 1.3.4

moodle · Mar 21, 2016 · dfc7c0a · dfc7c0a
1 parent e8952c5
commit dfc7c0a
Show file tree

Hide file tree

Showing 8 changed files with 453 additions and 42 deletions.
diff --git a/auth/cas/CAS/CAS.php b/auth/cas/CAS/CAS.php
@@ -63,7 +63,7 @@
 /**
  * phpCAS version. accessible for the user by phpCAS::getVersion().
  */
-define('PHPCAS_VERSION', '1.3.3');
+define('PHPCAS_VERSION', '1.3.4');
 
 /**
  * @addtogroup public
@@ -138,6 +138,11 @@
  */
 define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
 
+/**
+ * SAML Attributes
+ */
+define("DEFAULT_ERROR", 'Internal script failure');
+
 /** @} */
 /**
  * @addtogroup publicPGTStorage
@@ -241,7 +246,13 @@
 /**
  * The default directory for the debug file under Unix.
  */
-define('DEFAULT_DEBUG_DIR', '/tmp/');
+function gettmpdir() {
+if (!empty($_ENV['TMP'])) { return realpath($_ENV['TMP']); }
+if (!empty($_ENV['TMPDIR'])) { return realpath( $_ENV['TMPDIR']); }
+if (!empty($_ENV['TEMP'])) { return realpath( $_ENV['TEMP']); }
+return "/tmp";
+}
+define('DEFAULT_DEBUG_DIR', gettmpdir()."/");
 
 /** @} */
 
@@ -271,6 +282,7 @@ class phpCAS
     /**
      * This variable is used by the interface class phpCAS.
      *
+     * @var CAS_Client
      * @hideinitializer
      */
     private static $_PHPCAS_CLIENT;
@@ -290,6 +302,15 @@ class phpCAS
      */
     private static $_PHPCAS_DEBUG;
 
+    /**
+     * This variable is used to enable verbose mode
+     * This pevents debug info to be show to the user. Since it's a security
+     * feature the default is false
+     *
+     * @hideinitializer
+     */
+    private static $_PHPCAS_VERBOSE = false;
+
 
     // ########################################################################
     //  INITIALIZATION
@@ -388,6 +409,16 @@ public static function proxy($server_version, $server_hostname,
         phpCAS :: traceEnd();
     }
 
+    /**
+     * Answer whether or not the client or proxy has been initialized
+     *
+     * @return bool
+     */
+    public static function isInitialized ()
+    {
+        return (is_object(self::$_PHPCAS_CLIENT));
+    }
+
     /** @} */
     // ########################################################################
     //  DEBUGGING
@@ -435,11 +466,39 @@ public static function setDebug($filename = '')
             self::$_PHPCAS_DEBUG['filename'] = $filename;
             self::$_PHPCAS_DEBUG['indent'] = 0;
 
-            phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');
+            phpCAS :: trace('START ('.date("Y-m-d H:i:s").') phpCAS-' . PHPCAS_VERSION . ' ******************');
+        }
+    }
+
+    /**
+     * Enable verbose errors messages in the website output
+     * This is a security relevant since internal status info may leak an may
+     * help an attacker. Default is therefore false
+     *
+     * @param bool $verbose enable verbose output
+     *
+     * @return void
+     */
+    public static function setVerbose($verbose)
+    {
+        if ($verbose === true) {
+            self::$_PHPCAS_VERBOSE = true;
+        } else {
+            self::$_PHPCAS_VERBOSE = false;
         }
     }
 
 
+    /**
+     * Show is verbose mode is on
+     *
+     * @return boot verbose
+     */
+    public static function getVerbose()
+    {
+        return self::$_PHPCAS_VERBOSE;
+    }
+
     /**
      * Logs a string in debug mode.
      *
@@ -484,6 +543,7 @@ public static function log($str)
      */
     public static function error($msg)
     {
+        phpCAS :: traceBegin();
         $dbg = debug_backtrace();
         $function = '?';
         $file = '?';
@@ -499,8 +559,12 @@ public static function error($msg)
                 }
             }
         }
-        echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
-        phpCAS :: trace($msg);
+        if (self::$_PHPCAS_VERBOSE) {
+            echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
+        } else {
+            echo "<br />\n<b>Error</b>: <font color=\"FF0000\"><b>". DEFAULT_ERROR ."</b><br />\n";
+        }
+        phpCAS :: trace($msg . ' in ' . $file . 'on line ' . $line );
         phpCAS :: traceEnd();
 
         throw new CAS_GracefullTerminationException(__CLASS__ . "::" . $function . '(): ' . $msg);
@@ -520,7 +584,8 @@ public static function trace($str)
     }
 
     /**
-     * This method is used to indicate the start of the execution of a function in debug mode.
+     * This method is used to indicate the start of the execution of a function
+     * in debug mode.
      *
      * @return void
      */
@@ -1365,7 +1430,7 @@ public static function logout($params = "")
      * This method is used to logout from CAS. Halts by redirecting to the CAS
      * server.
      *
-     * @param service $service a URL that will be transmitted to the CAS server
+     * @param string $service a URL that will be transmitted to the CAS server
      *
      * @return void
      */
@@ -1636,7 +1701,8 @@ public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
         phpCAS::_validateClientExists();
 
         if (self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0
-            && self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_3_0) {
+            && self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_3_0
+        ) {
             phpCAS :: error('this method can only be used with the cas 2.0/3.0 protocols');
         }
         self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain);