Bugfix: enable strict mode for base64_decode

simplesamlphp · Apr 25, 2024 · 9545abd · 9545abd
1 parent 1b5d487
commit 9545abd
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,5 +2,6 @@
 /cache.properties
 /composer.lock
 /composer.phar
+/.phpunit.cache/
 /vendor/
 .phpunit.result.cache
diff --git a/src/SAML2/HTTPArtifact.php b/src/SAML2/HTTPArtifact.php
@@ -100,7 +100,7 @@ public function send(Message $message) : void
     public function receive(): Message
     {
         if (array_key_exists('SAMLart', $_REQUEST)) {
-            $artifact = base64_decode($_REQUEST['SAMLart']);
+            $artifact = base64_decode($_REQUEST['SAMLart'], true);
             $endpointIndex = bin2hex(substr($artifact, 2, 2));
             $sourceId = bin2hex(substr($artifact, 4, 20));
         } else {

diff --git a/src/SAML2/HTTPPost.php b/src/SAML2/HTTPPost.php
@@ -75,7 +75,7 @@ public function receive(): Message
             throw new \Exception('Missing SAMLRequest or SAMLResponse parameter.');
         }
 
-        $msgStr = base64_decode($msgStr);
+        $msgStr = base64_decode($msgStr, true);
 
         $xml = new \DOMDocument();
         $xml->loadXML($msgStr);

diff --git a/src/SAML2/HTTPRedirect.php b/src/SAML2/HTTPRedirect.php
@@ -116,7 +116,7 @@ public function receive(): Message
             throw new \Exception('Unknown SAMLEncoding: '.var_export($data['SAMLEncoding'], true));
         }
 
-        $message = base64_decode($message);
+        $message = base64_decode($message, true);
         if ($message === false) {
             throw new \Exception('Error while base64 decoding SAML message.');
         }

diff --git a/tests/SAML2/HTTPRedirectTest.php b/tests/SAML2/HTTPRedirectTest.php
@@ -4,6 +4,7 @@
 
 namespace SAML2;
 
+use Exception;
 use PHPUnit\Framework\Error\Warning;
 use SAML2\DOMDocumentFactory;
 use SAML2\HTTPRedirect;
@@ -165,7 +166,9 @@ public function testInvalidRequestData() : void
         $qs = 'SAMLRequest=cannotinflate';
         $_SERVER['QUERY_STRING'] = $qs;
 
-        $this->expectException(\Exception::class, 'Error while inflating');
+        $this->expectException(Exception::class);
+        $this->expectExceptionMessage('Error while base64 decoding SAML message.');
+
         $hr = new HTTPRedirect();
         $request = @$hr->receive();
     }