/** * Loads and merges in a file with a attribute map. * * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root * of the SimpleSAMLphp installation, or in the root of a module. * * @throws Exception If the filter could not load the requested attribute map file. */ private function loadMapFile($fileName) { $config = SimpleSAML_Configuration::getInstance(); $m = explode(':', $fileName); if (count($m) === 2) { // we are asked for a file in a module if (!SimpleSAML\Module::isModuleEnabled($m[0])) { throw new Exception("Module '{$m['0']}' is not enabled."); } $filePath = SimpleSAML\Module::getModuleDir($m[0]) . '/attributemap/' . $m[1] . '.php'; } else { $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/') . $fileName . '.php'; } if (!file_exists($filePath)) { throw new Exception('Could not find attribute map file: ' . $filePath); } $attributemap = null; include $filePath; if (!is_array($attributemap)) { throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.'); } if ($this->duplicate) { $this->map = array_merge_recursive($this->map, $attributemap); } else { $this->map = array_merge($this->map, $attributemap); } }
if ($url === false) { $url = ''; } if (!SimpleSAML\Module::isModuleEnabled($module)) { throw new SimpleSAML_Error_NotFound('The module \'' . $module . '\' was either not found, or wasn\'t enabled.'); } /* Make sure that the request isn't suspicious (contains references to current directory or parent directory or * anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect * attempts to use Windows-style paths. */ if (strpos($url, '\\') !== false) { throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.'); } elseif (strpos($url, './') !== false) { throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.'); } $moduleDir = SimpleSAML\Module::getModuleDir($module) . '/www/'; // check for '.php/' in the path, the presence of which indicates that another php-script should handle the request for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) { $newURL = substr($url, 0, $phpPos + 4); $param = substr($url, $phpPos + 4); if (is_file($moduleDir . $newURL)) { /* $newPath points to a normal file. Point execution to that file, and * save the remainder of the path in PATH_INFO. */ $url = $newURL; $_SERVER['PATH_INFO'] = $param; break; } } $path = $moduleDir . $url; if ($path[strlen($path) - 1] === '/') {