Bugfix: enable strict mode for base64_decode

simplesamlphp · Apr 24, 2024 · 6f6c4ca · 6f6c4ca
1 parent c4a41ee
commit 6f6c4ca
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/src/SAML2/HTTPArtifact.php b/src/SAML2/HTTPArtifact.php
@@ -124,7 +124,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
     {
         $query = $request->getQueryParams();
         if (array_key_exists('SAMLart', $query)) {
-            $artifact = base64_decode($query['SAMLart']);
+            $artifact = base64_decode($query['SAMLart'], true);
             $endpointIndex = bin2hex(substr($artifact, 2, 2));
             $sourceId = bin2hex(substr($artifact, 4, 20));
         } else {

diff --git a/src/SAML2/HTTPPost.php b/src/SAML2/HTTPPost.php
@@ -90,7 +90,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
             throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
         }
 
-        $msgStr = base64_decode($msgStr);
+        $msgStr = base64_decode($msgStr, true);
         $msgStr = DOMDocumentFactory::fromString($msgStr)->saveXML();
 
         $document = DOMDocumentFactory::fromString($msgStr);

diff --git a/src/SAML2/HTTPRedirect.php b/src/SAML2/HTTPRedirect.php
@@ -139,7 +139,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
             throw new Exception(sprintf('Unknown SAMLEncoding: %s', $query['SAMLEncoding']));
         }
 
-        $message = base64_decode($message);
+        $message = base64_decode($message, true);
         if ($message === false) {
             throw new Exception('Error while base64 decoding SAML message.');
         }

diff --git a/tests/SAML2/HTTPRedirectTest.php b/tests/SAML2/HTTPRedirectTest.php
@@ -174,7 +174,7 @@ public function testSignedRequestValidation(): void
         $signedQuery = 'SAMLRequest=' . urlencode($q['SAMLRequest']);
         $signedQuery .= '&RelayState=' . urlencode($q['RelayState']);
         $signedQuery .= '&SigAlg=' . urlencode($q['SigAlg']);
-        $this->assertTrue($verifier->verify($signedQuery, base64_decode($q['Signature'])));
+        $this->assertTrue($verifier->verify($signedQuery, base64_decode($q['Signature'], true)));
 
         // validate with another cert, should fail
         $verifier = (new SignatureAlgorithmFactory())->getAlgorithm(
@@ -185,7 +185,7 @@ public function testSignedRequestValidation(): void
         $signedQuery = 'SAMLRequest=' . urlencode($q['SAMLRequest']);
         $signedQuery .= '&RelayState=' . urlencode($q['RelayState']);
         $signedQuery .= '&SigAlg=' . urlencode($q['SigAlg']);
-        $this->assertFalse($verifier->verify($signedQuery, base64_decode($q['Signature'])));
+        $this->assertFalse($verifier->verify($signedQuery, base64_decode($q['Signature'], true)));
     }
 
 
@@ -263,7 +263,7 @@ public function testInvalidRequestData(): void
         $request = $request->withQueryParams($q);
 
         $this->expectException(Exception::class);
-        $this->expectExceptionMessage('Error while inflating');
+        $this->expectExceptionMessage('Error while base64 decoding SAML message.');
         $hr = new HTTPRedirect();
         @$hr->receive($request);
     }