Hello,
I'm using 1.15 for a while now (as of recent, 1.15.3), and after the
initial session restore surprise (which I resolved with Jaime's help,
thanks again) things worked fine.
There is now one single page in my restricted admin area which throws a
strange Exception (many other pages using the same code path work just
fine). I get this:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:45 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: The POST data we should restore was lost.
Backtrace:
1 modules/core/www/postredirect.php:38 (require)
0 www/module.php:135 (N/A)
The issue indeed comes from sending a POST form to a page with the HTML
target URL
<form action="../diag/action_realmcheck.php?inst_id=3&profile_id=10"
method="post" accept-charset="UTF-8">
All other pages (where I'm also using the mix of GET parameters together
with some POST data) work just fine.
The differentiator here is that this is the only POST target pointing to
a ../ location.
Is there something I'm still unaware of in session handling, or is there
some bug in SSP?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel:
+352 424409 1
Fax:
+352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66