SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

Fix variable assignment during conditional check #89

Closed raamdev closed 4 years ago

raamdev commented 4 years ago

The global $_POST['global_jit'] is being assigned the value of on in the conditional when the intention is to compare its value instead. This PR changes the assignment operator (=) to a comparison operator (===).

raamdev commented 4 years ago

Upon further testing it looks like this bug doesn’t currently have any negative effect because when this conditional is checked:

if (isset($_POST['global_jit']) && $_POST['global_jit'] = 'on') {

The first conditional (isset($_POST['global_jit'])) returns false when the $_POST['global_jit'] option is unchecked, and returns true when it is checked, so the second half of that conditional—the part with the bug—is not affecting the expected behavior. That said, while this bug is not currently affecting any behavior, it could still pose problems in the future.

This bug was introduced in https://github.com/onelogin/wordpress-saml/commit/dc0836380cc621d767e292a847b6f4114ef677ed and relates to the Network SSO/SAML Global Settings → Provision user in all sites where jit is enabled feature:

Screen Shot on 2020-02-12 at 12:00:04
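
The behaviour described in the comment above, as an added example that is not part of the PR or the plugin's code: the quoted condition and its `===` form are run over constructed stand-ins for `$_POST`. The function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: function names and inputs are constructed, not taken from the plugin.

// Condition as quoted in the PR. '=' assigns 'on' and the assignment expression
// evaluates to 'on' (truthy), so the check passes whenever the key is set.
function jit_enabled_buggy(array &$post): bool
{
    if (isset($post['global_jit']) && $post['global_jit'] = 'on') {
        return true;
    }
    return false;
}

// Condition with the PR's '===': passes only for the exact string 'on'.
function jit_enabled_fixed(array $post): bool
{
    return isset($post['global_jit']) && $post['global_jit'] === 'on';
}

// Constructed request bodies standing in for $_POST.
$cases = [
    'checkbox unchecked (key absent)' => [],
    'checkbox checked'                => ['global_jit' => 'on'],
    'key present, other value'        => ['global_jit' => 'off'],
    'key present, empty string'       => ['global_jit' => ''],
];

foreach ($cases as $label => $post) {
    $fixed = jit_enabled_fixed($post);
    $copy  = $post;                       // the buggy check overwrites its input
    $buggy = jit_enabled_buggy($copy);
    printf(
        "%-34s buggy=%-5s fixed=%-5s value after buggy check=%s\n",
        $label,
        var_export($buggy, true),
        var_export($fixed, true),
        var_export($copy['global_jit'] ?? null, true)
    );
}
```

The two checks agree for the first two cases, which are the only ones a browser checkbox produces. They differ when the key is present with any other value, where the assignment form also overwrites the submitted value with `on`.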