Univention Bugzilla – Bug 43873
PHP tries to execute (remote) code returned by HTTP redirection?
Last modified: 2017-04-04 18:29:05 CEST
15.03.17 13:41:16.525 LISTENER ( WARN ) : initializing module univention-saml-simplesamlphp-configuration
15.03.17 13:41:16.867 LISTENER ( ERROR ) : broken PHP syntax(255) in /etc/simplesamlphp/metadata.d/https:__master42.phahn.dev_univention_saml_metadata.php: PHP Parse error: syntax error, unexpected '<', expecting end of file in /etc/simplesamlphp/metadata.d/https:__master42.phahn.dev_univention_saml_metadata.php on line 2
Errors parsing /etc/simplesamlphp/metadata.d/https:__master42.phahn.dev_univention_saml_metadata.php
15.03.17 13:41:16.867 LISTENER ( ERROR ) : repr('<?php\n<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml">\n <head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <title>Redirect</title>\n </head>\n <body>\n <h1>Redirect</h1>\n <p>You were redirected to: <a id="redirlink" href="http://localhost/simplesamlphp/module.php/core/loginuserpass.php?AuthState=_aa30bd0628b1e143768fb71375a8de61126c73a95b%3Ahttp%3A%2F%2Flocalhost%2Fsimplesamlphp%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dadmin%26ReturnTo%3Dhttp%253A%252F%252Flocalhost%252Fsimplesamlphp%252Fmodule.php%252Fcore%252Fpostredirect.php%253FRedirId%253D_abfccffdc6de4e480a0e691cf8f5a8ff5702c66e36">http://localhost/simplesamlphp/module.php/core/loginuserpass.php?AuthState=_aa30bd0628b1e143768fb71375a8de61126c73a95b%3Ahttp%3A%2F%2Flocalhost%2Fsimplesamlphp%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dadmin%26ReturnTo%3Dhttp%253A%252F%252Flocalhost%252Fsimplesamlphp%252Fmodule.php%252Fcore%252Fpostredirect.php%253FRedirId%253D_abfccffdc6de4e480a0e691cf8f5a8ff5702c66e36</a>\n <script type="text/javascript">document.getElementById("redirlink").focus();</script>\n </p>\n </body>\n</html>$further = array(\n\t\'simplesaml.nameidattribute\'\t=> \'uid\',\n\t\'simplesaml.attributes\'\t=> true,\n\t\'attributes\'\t=> array(\'uid\'),\n\t\'attributes.NameFormat\'\t=> \'urn:oasis:names:tc:SAML:2.0:attrname-format:uri\',\n\t\'OrganizationName\'\t=> \'Univention Management Console master42.phahn.dev\',\n\t\'authproc\' => array(\n\t\t100 => array(\'class\' => \'core:AttributeMap\', \'name2oid\'),\n\t),\n);\n$metadata[\'https://master42.phahn.dev/univention/saml/metadata\'] = array_merge($metadata[\'https://master42.phahn.dev/univention/saml/metadata\'], $further);')
15.03.17 13:41:16.869 LISTENER ( WARN ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
No, it just validates the PHP syntax; it does not execute it.
univention-saml (4.0.12-1):
r77740 | Bug #43873: Bug #43783: fix API change of simplesamlphp
 For security reasons (DoS) the create-metadata.php is only available for logged in administrators anymore. Therefore we need to copy parts of the code for our CLI script.

*** This bug has been marked as a duplicate of bug 43783 ***
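As an added example (not Univention's code and not the fix in r77740): a Python guard for the failure visible in the log, where the body of an HTTP response was written between `<?php` and the `$further` block although it was a redirect page rather than metadata. The function names, the sample bodies, the `text/plain` content type and the expected `$metadata['<entity id>']` prefix are assumptions.

```python
class MetadataRejected(ValueError):
    """Fetched body is not a metadata snippet that may be written to disk."""


# Constructed samples: a redirect page like the one in the log, and a snippet
# of the shape the trailing array_merge() line implies (assumed, not captured).
ENTITY_ID = "https://sp.example.test/univention/saml/metadata"
REDIRECT_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<html xmlns="http://www.w3.org/1999/xhtml">\n'
    "<body><h1>Redirect</h1></body></html>"
)
METADATA_BODY = "$metadata['%s'] = array(\n\t'entityid' => '%s',\n);\n" % (
    ENTITY_ID, ENTITY_ID)


def check_fetched_metadata(status, content_type, body, entity_id):
    """Return body unchanged if it may be wrapped in a .php file, else raise."""
    if status != 200:
        raise MetadataRejected("HTTP status %d, expected 200" % status)
    if "html" in content_type.lower():
        raise MetadataRejected("got an HTML page (%s)" % content_type)
    # Any open/close tag would leave PHP mode or start markup inside the file.
    if "<?" in body or "?>" in body:
        raise MetadataRejected("body contains a PHP/XML open or close tag")
    if not body.lstrip().startswith("$metadata['%s']" % entity_id):
        raise MetadataRejected("body does not assign $metadata for " + entity_id)
    return body


def build_metadata_php(body, further):
    """Assemble the file as the logged repr() shows: '<?php', body, extras."""
    return "<?php\n" + body + further


def rejected(status, content_type, body):
    """True when the guard refuses the response for ENTITY_ID."""
    try:
        check_fetched_metadata(status, content_type, body, ENTITY_ID)
    except MetadataRejected:
        return True
    return False
```

Running the guard before the file is written keeps a login or redirect page out of `/etc/simplesamlphp/metadata.d/`; the syntax check reported in the log then remains as a second line of defence.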
*** Bug 43879 has been marked as a duplicate of this bug. ***
Verified
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".