SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License
1.21k stars 462 forks

"&" characters in organization name result in an error when trying to build metadata #576

Open 0xmerp opened 4 months ago

0xmerp commented 4 months ago

In advanced settings, when setting the organization name to something including a & character:

    'organization' => array (
        'en-US' => array(
            'name' => 'Name & Name2',
            'displayname' => 'Name & Name2',
            'url' => 'https://some-url.com'
        ),
    ),

then fetching the SP metadata:

    $samlSettings = new Settings($saml_settings);
    $metadata = $samlSettings->getSPMetadata();

I get an error: Error parsing metadata. Error parsing metadata from Saml2/Metadata.php:

        try {

            $xml = Utils::loadXML($xml, $metadata);

            if (!$xml) {
                throw new Exception('Error parsing metadata');
            }
        } catch (Exception $e) {
            throw new Exception('Error parsing metadata. '.$e->getMessage());
        }

Changing the & character with &amp; fixes it, so it seems like this string wasn't being escaped properly.
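The failure reported above can be reproduced outside the toolkit. The following is an added example, not code from the issue or from php-saml: `buildOrganizationXml()` is a hypothetical stand-in that assumes the organization values are interpolated into an XML template, and `xmlEscape()` and `isWellFormed()` are likewise illustrative helpers.

```php
<?php
// Added illustration; not code from php-saml.

/** Escape a value for use as XML text or attribute content. */
function xmlEscape(string $value): string
{
    return htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

/** Hypothetical builder: interpolates organization values into a template. */
function buildOrganizationXml(array $org, bool $escape): string
{
    // 'strval' passes the value through unchanged (the behaviour the issue suggests).
    $f = $escape ? 'xmlEscape' : 'strval';
    $xml = '<md:Organization xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">';
    foreach ($org as $lang => $info) {
        $xml .= sprintf(
            '<md:OrganizationName xml:lang="%s">%s</md:OrganizationName>'
            . '<md:OrganizationDisplayName xml:lang="%s">%s</md:OrganizationDisplayName>'
            . '<md:OrganizationURL xml:lang="%s">%s</md:OrganizationURL>',
            $f($lang), $f($info['name']),
            $f($lang), $f($info['displayname']),
            $f($lang), $f($info['url'])
        );
    }
    return $xml . '</md:Organization>';
}

/** Returns true when the string parses as well-formed XML. */
function isWellFormed(string $xml): bool
{
    $previous = libxml_use_internal_errors(true); // collect errors instead of warnings
    $dom = new DOMDocument();
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Same organization settings as in the report above.
$org = ['en-US' => [
    'name' => 'Name & Name2',
    'displayname' => 'Name & Name2',
    'url' => 'https://some-url.com',
]];

var_dump(isWellFormed(buildOrganizationXml($org, false))); // raw interpolation
var_dump(isWellFormed(buildOrganizationXml($org, true)));  // values escaped first
```

Escaping where the XML is assembled also covers `<`, `>` and quotes, so a settings value cannot alter the structure of the generated metadata. Pre-escaping the values in the settings array works only while the builder does not escape; once it does, those values would be escaped twice.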