From 29320c9aee69e09d1c76307aac8795be7fdc76bd Mon Sep 17 00:00:00 2001
From: Charles Brabec
Date: Thu, 2 Jul 2015 13:31:44 -0400
Subject: [PATCH 1/2] added shibboleth_getenv
---
 readme.txt | 4 ++--
 shibboleth.php | 26 ++++++++++++++++++++------
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/readme.txt b/readme.txt
index 2e300c7..32f8c7a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,8 +1,8 @@
 === Shibboleth ===
-Contributors: willnorris, mitchoyoshitaka
+Contributors: willnorris, mitchoyoshitaka, cjbrabec
 Tags: shibboleth, authentication, login, saml
 Requires at least: 3.3
-Tested up to: 3.9
+Tested up to: 4.2
 Stable tag: 1.6
 Allows WordPress to externalize user authentication and account creation to a
diff --git a/shibboleth.php b/shibboleth.php
index 4ecddc9..24b0165 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -18,6 +18,20 @@
 add_action('admin_init', 'shibboleth_activate_plugin');
 }
+/**
+ * Fastcgi-php friendly getenv() replacement that handles
+ * REDIRECT_ environment variables automatically.
+ */
+function shibboleth_getenv( $var ) {
+ if (getenv($var)) return getenv($var);
+ if (getenv('REDIRECT_'.$var)) return getenv('REDIRECT_'.$var);
+ // httpd can rewrite vars on redirects, this is the most common case
+ $var = preg_replace('/-/','_',$var);
+ if (getenv($var)) return getenv($var);
+ if (getenv('REDIRECT_'.$var)) return getenv('REDIRECT_'.$var);
+ return FALSE;
+}
+
 /**
 * Perform automatic login. This is based on the user not being logged in,
 * an active session and the option being set to true.
@@ -31,7 +45,7 @@ function shibboleth_auto_login() {
 if ( is_wp_error($userobj) ) {
 // TODO: Proper error return.
 } else {
- wp_safe_redirect($_SERVER['REQUEST_URI']);
+ wp_safe_redirect(shibboleth_getenv('REQUEST_URI'));
 exit();
 }
 }
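Review bot: In shibboleth_auto_login, `wp_safe_redirect(shibboleth_getenv('REQUEST_URI'))` hands `FALSE` to the redirect whenever the helper finds none of its candidate names, and nothing checks the result before `exit()` runs. `REQUEST_URI` is a server variable rather than a Shibboleth attribute, so the `REDIRECT_` and underscore fallbacks add nothing for it; keeping `$_SERVER['REQUEST_URI']` for this call, or guarding with `if ( ($uri = shibboleth_getenv('REQUEST_URI')) !== FALSE )`, avoids redirecting to an empty location. Whether `getenv()` exposes `REQUEST_URI` at all depends on the SAPI, which the patch does not show. The function body starts outside the hunk.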
@@ -148,9 +162,9 @@ function shibboleth_admin_hooks() {
 function shibboleth_session_active() {
 $active = false;
- $session_headers = array('Shib-Session-ID', 'Shib_Session_ID', 'HTTP_SHIB_IDENTITY_PROVIDER');
+ $session_headers = array('Shib-Session-ID', 'HTTP_SHIB_IDENTITY_PROVIDER');
 foreach ($session_headers as $header) {
- if ( array_key_exists($header, $_SERVER) && !empty($_SERVER[$header]) ) {
+ if ( shibboleth_getenv($header) ) {
 $active = true;
 break;
 }
@@ -289,7 +303,7 @@ function shibboleth_authenticate_user() {
 return new WP_Error('no_access', __('You do not have sufficient access.'));
 }
- $username = $_SERVER[$shib_headers['username']['name']];
+ $username = shibboleth_getenv($shib_headers['username']['name']);
 $user = new WP_User($username);
 if ( $user->ID ) {
@@ -371,7 +385,7 @@ function shibboleth_get_user_role() {
 if ( empty($role_header) || empty($role_value) ) continue;
- $values = split(';', $_SERVER[$role_header]);
+ $values = split(';', shibboleth_getenv($role_header));
 if ( in_array($role_value, $values) ) {
 $user_role = $key;
 break;
@@ -436,7 +450,7 @@ function shibboleth_update_user_data($user_id, $force_update = false) {
 foreach ($user_fields as $field => $header) {
 if ( $force_update || $shib_headers[$header]['managed'] ) {
 $filter = 'shibboleth_' . ( strpos($field, 'user_') === 0 ? '' : 'user_' ) . $field;
- $user_data[$field] = apply_filters($filter, $_SERVER[$shib_headers[$header]['name']]);
+ $user_data[$field] = apply_filters($filter, shibboleth_getenv($shib_headers[$header]['name']));
 }
 }
From 3b87e71b046b7fded77aa6ccdfa39885f7be35c8 Mon Sep 17 00:00:00 2001
From: Charles Brabec
Date: Mon, 6 Jul 2015 15:39:43 -0400
Subject: [PATCH 2/2] fixed shibboeth_getenv patch as suggested
---
 shibboleth.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/shibboleth.php b/shibboleth.php
index 24b0165..9629362 100644
--- a/shibboleth.php
+++ b/shibboleth.php
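Review bot: In shibboleth_session_active (patch 1/2), the new `$session_headers` list still accepts `HTTP_SHIB_IDENTITY_PROVIDER` as proof of an active session, and an `HTTP_`-prefixed name is how CGI-style environments expose a request header, so its presence may reflect what the client sent rather than what the Shibboleth SP asserted. Whether that is safe depends on the SP stripping client-supplied copies before PHP runs, which is deployment configuration the patch cannot see. I would record that assumption next to the array with a comment such as `// HTTP_* names originate from request headers; trust them only when the SP's spoof checking removes client-supplied copies.` What a true result unlocks is decided outside this hunk.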
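Review bot: In shibboleth_authenticate_user (patch 1/2), `$username` can now be `FALSE` when the configured attribute is missing, and it is passed straight into `new WP_User($username)` with no check. Reject that case before the lookup, for example `if ( $username === FALSE || $username === '' ) return new WP_Error('no_access', __('You do not have sufficient access.'));`. The same unchecked `FALSE` reaches `apply_filters()` in the shibboleth_update_user_data hunk, where it would be stored in `$user_data[$field]` for managed fields; skipping the field when the helper misses would keep the existing profile data. What WP_User does with the value and which branch follows an empty `$user->ID` are outside the hunk, as are the rest of both function bodies.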
@@ -23,12 +23,18 @@
 * REDIRECT_ environment variables automatically.
 */
 function shibboleth_getenv( $var ) {
- if (getenv($var)) return getenv($var);
- if (getenv('REDIRECT_'.$var)) return getenv('REDIRECT_'.$var);
- // httpd can rewrite vars on redirects, this is the most common case
- $var = preg_replace('/-/','_',$var);
- if (getenv($var)) return getenv($var);
- if (getenv('REDIRECT_'.$var)) return getenv('REDIRECT_'.$var);
+ $var_under = str_replace('-', '_', $var);
+ $check_vars = array(
+ $var => TRUE,
+ 'REDIRECT_' . $var => TRUE,
+ $var_under => TRUE,
+ 'REDIRECT_' . $var_under => TRUE,
+ );
+ foreach ($check_vars as $check_var => $true) {
+ if ( ($result = getenv($check_var)) !== FALSE ) {
+ return $result;
+ }
+ }
 return FALSE;
 }
@@ -385,7 +391,7 @@ function shibboleth_get_user_role() {
 if ( empty($role_header) || empty($role_value) ) continue;
- $values = split(';', shibboleth_getenv($role_header));
+ $values = explode(';', shibboleth_getenv($role_header));
 if ( in_array($role_value, $values) ) {
 $user_role = $key;
 break;
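Review bot: The rewritten loop in shibboleth_getenv returns the first name for which `getenv()` gives anything other than `FALSE`, so a variable that is set but empty under `$var` now hides a populated `REDIRECT_` or underscore copy and callers receive `''`. If an empty attribute should count as absent, extend the test to `if ( ($result = getenv($check_var)) !== FALSE && $result !== '' ) {`. The docblock, which opens above the hunk, should state the contract, e.g. `@return string|false First value found among $var, REDIRECT_$var and their underscore forms, in that order; FALSE if none is set.`, because patch 1/2 uses the result for session detection, username lookup and role mapping. `$true` is never read; a plain list passed through `array_unique()` would read more directly than array keys used for de-duplication.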
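Review bot: In shibboleth_get_user_role, the role decision on the line after the change uses `in_array($role_value, $values)` with loose comparison, so numeric-looking strings that differ textually (for instance `'010'` and `'10'`, a constructed example) compare equal and could map a user to a role the attribute does not literally name. Use `in_array($role_value, $values, true)`; both sides are strings after `explode()`, so exact matches behave the same. `explode(';', FALSE)` also yields a single `''` element when the attribute is missing, which cannot match because an empty `$role_value` is skipped on the line above, but an explicit check of the helper's return would make that intent visible. The loop and the function continue outside the hunk.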