Problem/Motivation
It seems that having a space character in the ReturnTo query parameter causes certain things to break down.
Steps to reproduce
Attempting to sign into a site via https://example.com/saml_login?ReturnTo=https://example.com/some%20path will lead to the user not being returned to /some%20path, but rather the default user profile page.
This is happening because the following code block within \Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController::authenticate is passing an invalid URL through to the UrlHelper.
    // See if a URL has been explicitly provided in ReturnTo. If so, use it
    // otherwise, use the HTTP_REFERER. Each must point to the site to be valid.
    $request = $this->requestStack->getCurrentRequest();
    if (($return_to = $request->query->get('ReturnTo')) ||
      ($return_to = $request->request->get('ReturnTo')) ||
      ($return_to = $request->server->get('HTTP_REFERER'))) {
      // !! $return_to is "https://example.com/some path" here where "some path" is not encoded properly!
      // This causes the externalIsLocal check to fail.
      if ($this->pathValidator->isValid($return_to) && UrlHelper::externalIsLocal($return_to, $base_url)) {
        $redirect = $return_to;
      }
    }
Proposed resolution
Treat the URL as a URL and not a string in this context. Things could get hairy!
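One way to read the proposed resolution, as an added example that is not part of the original issue or the module's code: parse the decoded ReturnTo value into components, re-encode the path, and only then decide whether the target is local. The helper names and the same-origin comparison are assumptions standing in for the module's own pathValidator and UrlHelper::externalIsLocal checks.

```php
<?php
// Added example: plain PHP, no Drupal APIs. normalizeReturnTo() and
// isSameOrigin() are hypothetical helpers, not part of simplesamlphp_auth.

// Re-encodes the path of a decoded absolute URL; NULL if it is not usable.
function normalizeReturnTo(string $url): ?string {
  // Fail closed on control characters and backslashes.
  if (preg_match('/[\x00-\x1F\x7F\\\\]/', $url)) {
    return NULL;
  }
  $p = parse_url($url);
  if ($p === FALSE || !isset($p['scheme'], $p['host']) || isset($p['user'])) {
    return NULL;
  }
  $scheme = strtolower($p['scheme']);
  if (!in_array($scheme, ['http', 'https'], TRUE)) {
    return NULL;
  }
  // Decode, then encode, each segment so "some path" and "some%20path"
  // both become "some%20path" (no double encoding).
  $encode = fn(string $s): string => rawurlencode(rawurldecode($s));
  $path = implode('/', array_map($encode, explode('/', $p['path'] ?? '/')));
  $out = $scheme . '://' . strtolower($p['host']);
  $out .= isset($p['port']) ? ':' . $p['port'] : '';
  $out .= $path;
  $out .= isset($p['query']) ? '?' . str_replace(' ', '%20', $p['query']) : '';
  return $out;
}

// Compares scheme, host and port of two absolute URLs. An explicit default
// port (":443") is treated as different from an omitted one.
function isSameOrigin(string $url, string $base_url): bool {
  $origin = fn(array $u): array => [
    strtolower($u['scheme'] ?? ''), strtolower($u['host'] ?? ''), $u['port'] ?? NULL,
  ];
  $a = parse_url($url);
  $b = parse_url($base_url);
  return is_array($a) && is_array($b) && $origin($a) === $origin($b);
}

// Constructed inputs, shaped like ReturnTo after query-string decoding.
$base_url = 'https://example.com';
$samples = ['https://example.com/some path', 'https://example.com/some%20path',
  'https://other.example/some path', 'ftp://example.com/some path'];
foreach ($samples as $return_to) {
  $n = normalizeReturnTo($return_to);
  $ok = $n !== NULL && isSameOrigin($n, $base_url);
  printf("%-34s => %s\n", $return_to, $ok ? $n : 'rejected');
}
```

Normalizing before the locality check keeps the redirect guard in place: anything that does not parse as an http(s) URL on the site's own origin is still rejected, and the value that ends up in the redirect is the re-encoded one, not the raw parameter.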
Comments
Comment #2
luke.leber
Update I.S. with more info.