search

humanmade / wp-simple-saml

WordPress Simple SAML plugin
GNU General Public License v3.0
104 stars 33 forks source link

Warning thrown from XML Loading #22

Open mikeselander opened 6 years ago

mikeselander commented 6 years ago

It appears that we're passing an empty string if there is no XML file to pass to the PHP-SAML library. This is spilling PHP warnings.

Stack trace:

[13-Jul-2018 23:26:38 UTC] PHP Warning:  DOMDocument::loadXML(): Empty string supplied as input in /vagrant/content/plugins/wp-simple-saml/vendor/onelogin/php-saml/lib/Saml2/Utils.php on line 88
[13-Jul-2018 23:26:38 UTC] PHP Stack trace:
[13-Jul-2018 23:26:38 UTC] PHP   1. {main}() /vagrant/wp/wp-admin/options-general.php:0
[13-Jul-2018 23:26:38 UTC] PHP   2. do_settings_sections() /vagrant/wp/wp-admin/options-general.php:382
[13-Jul-2018 23:26:38 UTC] PHP   3. do_settings_fields() /vagrant/wp/wp-admin/includes/template.php:1337
[13-Jul-2018 23:26:38 UTC] PHP   4. HumanMade\SimpleSaml\Admin\{closure}() /vagrant/wp/wp-admin/includes/template.php:1378
[13-Jul-2018 23:26:38 UTC] PHP   5. HumanMade\SimpleSaml\instance() /vagrant/content/plugins/wp-simple-saml/inc/admin/namespace.php:268
[13-Jul-2018 23:26:38 UTC] PHP   6. apply_filters() /vagrant/content/plugins/wp-simple-saml/inc/namespace.php:191
[13-Jul-2018 23:26:38 UTC] PHP   7. WP_Hook->apply_filters() /vagrant/wp/wp-includes/plugin.php:203
[13-Jul-2018 23:26:38 UTC] PHP   8. HumanMade\SimpleSaml\Admin\get_config() /vagrant/wp/wp-includes/class-wp-hook.php:286
[13-Jul-2018 23:26:38 UTC] PHP   9. OneLogin_Saml2_IdPMetadataParser::parseXML() /vagrant/content/plugins/wp-simple-saml/inc/admin/namespace.php:57
[13-Jul-2018 23:26:38 UTC] PHP  10. OneLogin_Saml2_Utils::loadXML() /vagrant/content/plugins/wp-simple-saml/vendor/onelogin/php-saml/lib/Saml2/IdPMetadataParser.php:98
[13-Jul-2018 23:26:38 UTC] PHP  11. DOMDocument->loadXML() /vagrant/content/plugins/wp-simple-saml/vendor/onelogin/php-saml/lib/Saml2/Utils.php:88
gsarig commented 1 year ago

This seems to throw a fatal error on PHP 8 now.

A temporary workaround, until it gets properly fixed, could be to utilize wpsimplesaml_idp_metadata_xml and pass an empty XML, if the field is empty: 


/**
 * Sanitize the SSO IDP metadata.
 * Checks if the `ssoidp_metadata` option is empty, and if so, returns an empty XML string, to prevent a fatal error on PHP 8.
 *
 * @return string
 */
function sanitize_sso_idp_metadata(): string {
    $sso_metadata = get_option( 'sso_idp_metadata' );
    if ( empty( $sso_metadata ) ) {
        return '<empty/>';
    }

    return $sso_metadata;
}

add_filter( 'wpsimplesaml_idp_metadata_xml', 'sanitize_sso_idp_metadata' );