Attribute values are not sorted when giving consent

GoogleCodeExporter commented 8 years ago

The attribute values are not sorted before the attribute hash is calculated in 
the consent module.

If you are using the attribute values in consent, that the attribute hash will 
change if the order of the attribute values change but the actual values are 
the same.

The values should be sorted, so the attribute hash persists even if the order 
of the attribute values change.

The following will fis this:

Index: modules/consent/lib/Auth/Process/Consent.php
===================================================================
--- modules/consent/lib/Auth/Process/Consent.php    (revision 3128)
+++ modules/consent/lib/Auth/Process/Consent.php    (working copy)
@@ -309,6 +309,9 @@
     {
         $hashBase = null;  
         if ($includeValues) {
+            foreach ($attributes AS &$values) {
+                sort($values);
+            }
             ksort($attributes);
             $hashBase = serialize($attributes);
         } else {

Original issue reported on code.google.com by j...@wayf.dk on 4 Jul 2012 at 12:36

GoogleCodeExporter commented 8 years ago

Looks good to me, feel free to commit it. Of course, this means that everyone 
will have to give consent again, but I do not see a way around that which does 
not require a lot of extra code.

Original comment by olavmrk@gmail.com on 4 Jul 2012 at 12:45

GoogleCodeExporter commented 8 years ago

I don't think this one was ever committed.

Original comment by olavmrk@gmail.com on 27 Feb 2014 at 9:39

GoogleCodeExporter commented 8 years ago

Original comment by jaim...@gmail.com on 27 Feb 2014 at 1:40

GoogleCodeExporter commented 8 years ago

Closing the issue here, moved to:

https://github.com/simplesamlphp/simplesamlphp/issues/39

Original comment by jaim...@gmail.com on 27 Feb 2014 at 7:15

Changed state: Migrated

plp050452 / simplesamlphp

Attribute values are not sorted when giving consent #505