diff --git a/saml-logout.php b/saml-logout.php index a816c57a5..b60adc5cd 100644 --- a/saml-logout.php +++ b/saml-logout.php @@ -2,18 +2,18 @@ session_start(); -$script = filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING); -$https = filter_input(INPUT_SERVER, 'HTTPS', FILTER_SANITIZE_STRING); -$hostname = filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_STRING); -$requestUri = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_STRING); -$shib_handler = filter_input(INPUT_SERVER, 'AJP_Shib-Handler', FILTER_SANITIZE_STRING); +$script = filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_UNSAFE_RAW); +$https = filter_input(INPUT_SERVER, 'HTTPS', FILTER_UNSAFE_RAW); +$hostname = filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_UNSAFE_RAW); +$requestUri = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_UNSAFE_RAW); +$shib_handler = filter_input(INPUT_SERVER, 'AJP_Shib-Handler', FILTER_UNSAFE_RAW); $scriptFilename = basename($script); $path = str_replace($scriptFilename, '', $requestUri); -$url = (isset($https) && $https === 'on' ? "https" : "http") . "://${hostname}${path}"; +$url = (isset($https) && $https === 'on' ? "https" : "http") . "://{$hostname}{$path}"; $redir_url = rtrim($url, '/'); unset($_SESSION["eppn"]); unset($_SESSION["shib-session-id"]); -header("Location: ${shib_handler}/Logout?return=${redir_url}"); +header("Location: {$shib_handler}/Logout?return={$redir_url}"); diff --git a/saml-redirect.php b/saml-redirect.php index 82fd603bb..bb91e2664 100644 --- a/saml-redirect.php +++ b/saml-redirect.php @@ -1,14 +1,14 @@