From c9b22626660e3b6ceb3d5ac9e2371d2f6a5cabcf Mon Sep 17 00:00:00 2001
From: root <root@shibboleth>
Date: Thu, 25 Oct 2018 13:22:01 +0200
Subject: [PATCH] FIX pb with shibboleth

---
 .../class/class_content_manager_tools_Abstract.php              | 2 +-
 src/app/contentManagement/controllers/JnlpController.php        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/content_management/class/class_content_manager_tools_Abstract.php b/modules/content_management/class/class_content_manager_tools_Abstract.php
index f807699bdd1..ea18599f011 100755
--- a/modules/content_management/class/class_content_manager_tools_Abstract.php
+++ b/modules/content_management/class/class_content_manager_tools_Abstract.php
@@ -451,7 +451,7 @@ abstract class content_management_tools_Abstract
         $jnlp_balise->appendChild($jnlp_attribute2);
 
         $jnlp_attribute3 = $docXML->createAttribute('href');
-        $jnlp_attribute3->value = $jnlp_name;
+        $jnlp_attribute3->value = htmlentities($jnlp_name);
         $jnlp_balise->appendChild($jnlp_attribute3);
 
         //"{$pathUrl}/rest/jnlp?fileName={$jnlp_name}";
diff --git a/src/app/contentManagement/controllers/JnlpController.php b/src/app/contentManagement/controllers/JnlpController.php
index 1ab441993d2..fb5155d1582 100644
--- a/src/app/contentManagement/controllers/JnlpController.php
+++ b/src/app/contentManagement/controllers/JnlpController.php
@@ -182,7 +182,7 @@ class JnlpController
 
     public function renderJnlp(Request $request, Response $response, array $aArgs)
     {
-        if (explode('.', $aArgs['jnlpUniqueId'])[1] != 'jnlp') {
+        if (strtoupper(pathinfo($aArgs['jnlpUniqueId'], PATHINFO_EXTENSION)) != 'JNLP') {
             return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']);
         }
 
-- 
GitLab