Upgrade from CAS 1.1.0RC6 to 1.1.2

2010-08-30 16:53:32 -04:00 · 2010-08-30 16:53:32 -04:00 · 6b4607f073
commit 6b4607f073
parent 7cd0706aef
5 changed files with 1243 additions and 1097 deletions
--- a/plugins/CasAuthentication/extlib/CAS.php
+++ b/plugins/CasAuthentication/extlib/CAS.php
@ -1,7 +1,33 @@
 <?php
-// commented in 0.4.22-RC2 for Sylvain Derosiaux
+/*
-// error_reporting(E_ALL ^ E_NOTICE);
+ * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of the ESUP-Portail consortium & the JA-SIG
 *       Collaborative nor the names of its contributors may be used to endorse or
 *       promote products derived from this software without specific prior
 *       written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 //
 // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] in IIS
@ -13,7 +39,7 @@ if (!$_SERVER['REQUEST_URI']) {
 //
 // another one by Vangelis Haniotakis also to make phpCAS work with PHP5
 //
-if (version_compare(PHP_VERSION,'5','>=')) {
+if (version_compare(PHP_VERSION, '5', '>=') && !(function_exists('domxml_new_doc'))) {
 	require_once (dirname(__FILE__) . '/CAS/domxml-php4-to-php5.php');
 }
@ -35,7 +61,7 @@ if (version_compare(PHP_VERSION,'5','>=')) {
 /**
 * phpCAS version. accessible for the user by phpCAS::getVersion().
 */
-define('PHPCAS_VERSION','1.1.0RC6');
+define('PHPCAS_VERSION', '1.1.2');
 // ------------------------------------------------------------------------
 //  CAS VERSIONS
@ -109,8 +135,6 @@ define ("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
 */
 define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
 /** @} */
 /**
 * @addtogroup publicPGTStorage
@ -257,10 +281,12 @@ $GLOBALS['PHPCAS_CLIENT']  = null;
 *
 * @hideinitializer
 */
-$GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
+$GLOBALS['PHPCAS_INIT_CALL'] = array (
 	'done' => FALSE,
 	'file' => '?',
 	'line' => -1,
-	'method' => '?');
+	'method' => '?'
 );
 /**
 * This global variable is used to store where the method checking
@ -268,20 +294,24 @@ $GLOBALS['PHPCAS_INIT_CALL'] = array('done' => FALSE,
 *
 * @hideinitializer
 */
-$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array('done' => FALSE,
+$GLOBALS['PHPCAS_AUTH_CHECK_CALL'] = array (
 	'done' => FALSE,
 	'file' => '?',
 	'line' => -1,
 	'method' => '?',
-	'result' => FALSE);
+	'result' => FALSE
 );
 /**
 * This global variable is used to store phpCAS debug mode.
 *
 * @hideinitializer
 */
-$GLOBALS['PHPCAS_DEBUG']  = array('filename' => FALSE,
+$GLOBALS['PHPCAS_DEBUG'] = array (
 	'filename' => FALSE,
 	'indent' => 0,
-	'unique_id' => '');
+	'unique_id' => ''
 );
 /** @} */
@ -308,10 +338,7 @@ include_once(dirname(__FILE__).'/CAS/client.php');
 * at the end of CAS/client.php).
 */
-
+class phpCAS {
 class phpCAS
 {
 	// ########################################################################
 	//  INITIALIZATION
@ -336,12 +363,7 @@ class phpCAS
 	 *
 	 * @return a newly created CASClient object
 	 */
-	function client($server_version,
+	function client($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
 					$server_hostname,
 					$server_port,
 					$server_uri,
 					$start_session = true)
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
 		phpCAS :: traceBegin();
@ -363,13 +385,16 @@ class phpCAS
 		// store where the initializer is called from
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_INIT_CALL = array('done' => TRUE,
+		$PHPCAS_INIT_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
-			'method' => __CLASS__.'::'.__FUNCTION__);
+			'method' => __CLASS__ . '::' . __FUNCTION__
 		);
 		// initialize the global object $PHPCAS_CLIENT
-		$PHPCAS_CLIENT = new CASClient($server_version,FALSE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
+		$PHPCAS_CLIENT = new CASClient($server_version, FALSE /*proxy*/
 		, $server_hostname, $server_port, $server_uri, $start_session);
 		phpCAS :: traceEnd();
 	}
@ -387,12 +412,7 @@ class phpCAS
 	 *
 	 * @return a newly created CASClient object
 	 */
-	function proxy($server_version,
+	function proxy($server_version, $server_hostname, $server_port, $server_uri, $start_session = true) {
 				   $server_hostname,
 				   $server_port,
 				   $server_uri,
 				   $start_session = true)
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_INIT_CALL;
 		phpCAS :: traceBegin();
@ -414,13 +434,16 @@ class phpCAS
 		// store where the initialzer is called from
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_INIT_CALL = array('done' => TRUE,
+		$PHPCAS_INIT_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
-			'method' => __CLASS__.'::'.__FUNCTION__);
+			'method' => __CLASS__ . '::' . __FUNCTION__
 		);
 		// initialize the global object $PHPCAS_CLIENT
-		$PHPCAS_CLIENT = new CASClient($server_version,TRUE/*proxy*/,$server_hostname,$server_port,$server_uri,$start_session);
+		$PHPCAS_CLIENT = new CASClient($server_version, TRUE /*proxy*/
 		, $server_hostname, $server_port, $server_uri, $start_session);
 		phpCAS :: traceEnd();
 	}
@ -439,8 +462,7 @@ class phpCAS
 	 *
 	 * @param $filename the name of the file used for logging, or FALSE to stop debugging.
 	 */
-	function setDebug($filename='')
+	function setDebug($filename = '') {
 		{
 		global $PHPCAS_DEBUG;
 		if ($filename != FALSE && gettype($filename) != 'string') {
@ -451,7 +473,8 @@ class phpCAS
 			if (preg_match('/^Win.*/', getenv('OS'))) {
 				if (isset ($_ENV['TMP'])) {
 					$debugDir = $_ENV['TMP'] . '/';
-				} else if ( isset($_ENV['TEMP']) ) {
+				} else
 					if (isset ($_ENV['TEMP'])) {
 						$debugDir = $_ENV['TEMP'] . '/';
 					} else {
 						$debugDir = '';
@ -468,7 +491,7 @@ class phpCAS
 		$PHPCAS_DEBUG['filename'] = $filename;
-		phpCAS::trace('START ******************');
+		phpCAS :: trace('START phpCAS-' . PHPCAS_VERSION . ' ******************');
 	}
 	/** @} */
@ -481,8 +504,7 @@ class phpCAS
 	 * This method is a wrapper for debug_backtrace() that is not available 
 	 * in all PHP versions (>= 4.3.0 only)
 	 */
-	function backtrace()
+	function backtrace() {
 		{
 		if (function_exists('debug_backtrace')) {
 			return debug_backtrace();
 		} else {
@ -498,8 +520,7 @@ class phpCAS
 	 *
 	 * @private
 	 */
-	function log($str)
+	function log($str) {
 		{
 		$indent_str = ".";
 		global $PHPCAS_DEBUG;
@ -520,8 +541,7 @@ class phpCAS
 	 *
 	 * @private
 	 */
-	function error($msg)
+	function error($msg) {
 		{
 		$dbg = phpCAS :: backtrace();
 		$function = '?';
 		$file = '?';
@ -546,8 +566,7 @@ class phpCAS
 	/**
 	 * This method is used to log something in debug mode.
 	 */
-	function trace($str)
+	function trace($str) {
 		{
 		$dbg = phpCAS :: backtrace();
 		phpCAS :: log($str . ' [' . basename($dbg[1]['file']) . ':' . $dbg[1]['line'] . ']');
 	}
@ -555,8 +574,7 @@ class phpCAS
 	/**
 	 * This method is used to indicate the start of the execution of a function in debug mode.
 	 */
-	function traceBegin()
+	function traceBegin() {
 		{
 		global $PHPCAS_DEBUG;
 		$dbg = phpCAS :: backtrace();
@ -583,8 +601,7 @@ class phpCAS
 	 *
 	 * @param $res the result of the function
 	 */
-	function traceEnd($res='')
+	function traceEnd($res = '') {
 		{
 		global $PHPCAS_DEBUG;
 		$PHPCAS_DEBUG['indent']--;
@ -597,8 +614,7 @@ class phpCAS
 	/**
 	 * This method is used to indicate the end of the execution of the program
 	 */
-	function traceExit()
+	function traceExit() {
 		{
 		global $PHPCAS_DEBUG;
 		phpCAS :: log('exit()');
@ -625,8 +641,7 @@ class phpCAS
 	 *
 	 * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH
 	 */
-	function setLang($lang)
+	function setLang($lang) {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -651,8 +666,7 @@ class phpCAS
 	 *
 	 * @return the phpCAS version.
 	 */
-	function getVersion()
+	function getVersion() {
 		{
 		return PHPCAS_VERSION;
 	}
@ -670,8 +684,7 @@ class phpCAS
 	 *
 	 * @param $header the HTML header.
 	 */
-	function setHTMLHeader($header)
+	function setHTMLHeader($header) {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -687,8 +700,7 @@ class phpCAS
 	 *
 	 * @param $footer the HTML footer.
 	 */
-	function setHTMLFooter($footer)
+	function setHTMLFooter($footer) {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -715,9 +727,7 @@ class phpCAS
 	 * @param $format the format used to store the PGT's (`plain' and `xml' allowed)
 	 * @param $path the path where the PGT's should be stored
 	 */
-	function setPGTStorageFile($format='',
+	function setPGTStorageFile($format = '', $path = '') {
 		$path='')
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -755,14 +765,7 @@ class phpCAS
 	 * @param $database the name of the database
 	 * @param $table the name of the table storing the data
 	 */
-	function setPGTStorageDB($user,
+	function setPGTStorageDB($user, $password, $database_type = '', $hostname = '', $port = 0, $database = '', $table = '') {
 							 $password,
 							 $database_type='',
 								 $hostname='',
 									 $port=0,
 										 $database='',
 											 $table='')
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -822,8 +825,7 @@ class phpCAS
 	 * @return TRUE on success, FALSE otherwise (in this later case, $err_code
 	 * gives the reason why it failed and $output contains an error message).
 	 */
-	function serviceWeb($url,&$err_code,&$output)
+	function serviceWeb($url, & $err_code, & $output) {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -866,8 +868,7 @@ class phpCAS
 	 * @return an IMAP stream on success, FALSE otherwise (in this later case, $err_code
 	 * gives the reason why it failed and $err_msg contains an error message).
 	 */
-	function serviceMail($url,$service,$flags,&$err_code,&$err_msg,&$pt)
+	function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -914,8 +915,7 @@ class phpCAS
 	 *
 	 * @param $n an integer.
 	 */
-	function setCacheTimesForAuthRecheck($n)
+	function setCacheTimesForAuthRecheck($n) {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -930,8 +930,7 @@ class phpCAS
 	 * This method is called to check if the user is authenticated (use the gateway feature).
 	 * @return TRUE when the user is authenticated; otherwise FALSE.
 	 */
-	function checkAuthentication()
+	function checkAuthentication() {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -943,11 +942,13 @@ class phpCAS
 		// store where the authentication has been checked and the result
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+		$PHPCAS_AUTH_CHECK_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
 			'method' => __CLASS__ . '::' . __FUNCTION__,
-			'result' => $auth );
+			'result' => $auth
 		);
 		phpCAS :: traceEnd($auth);
 		return $auth;
 	}
@ -957,8 +958,7 @@ class phpCAS
 	 * authenticated. If the user is not authenticated, halt by redirecting to 
 	 * the CAS server.
 	 */
-	function forceAuthentication()
+	function forceAuthentication() {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -970,11 +970,13 @@ class phpCAS
 		// store where the authentication has been checked and the result
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+		$PHPCAS_AUTH_CHECK_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
 			'method' => __CLASS__ . '::' . __FUNCTION__,
-			'result' => $auth );
+			'result' => $auth
 		);
 		if (!$auth) {
 			phpCAS :: trace('user is not authenticated, redirecting to the CAS server');
@ -1000,7 +1002,13 @@ class phpCAS
 		// store where the authentication has been checked and the result
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE, 'file' => $dbg[0]['file'], 'line' => $dbg[0]['line'], 'method' => __CLASS__.'::'.__FUNCTION__, 'result' => $auth );
+		$PHPCAS_AUTH_CHECK_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
 			'method' => __CLASS__ . '::' . __FUNCTION__,
 			'result' => $auth
 		);
 		$PHPCAS_CLIENT->renewAuthentication();
 		phpCAS :: traceEnd();
@ -1009,8 +1017,7 @@ class phpCAS
 	/**
 	 * This method has been left from version 0.4.1 for compatibility reasons.
 	 */
-	function authenticate()
+	function authenticate() {
 		{
 		phpCAS :: error('this method is deprecated. You should use ' . __CLASS__ . '::forceAuthentication() instead');
 	}
@ -1020,8 +1027,7 @@ class phpCAS
 	 *
 	 * @return TRUE when the user is authenticated.
 	 */
-	function isAuthenticated()
+	function isAuthenticated() {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		phpCAS :: traceBegin();
@ -1034,11 +1040,13 @@ class phpCAS
 		// store where the authentication has been checked and the result
 		$dbg = phpCAS :: backtrace();
-		$PHPCAS_AUTH_CHECK_CALL = array('done' => TRUE,
+		$PHPCAS_AUTH_CHECK_CALL = array (
 			'done' => TRUE,
 			'file' => $dbg[0]['file'],
 			'line' => $dbg[0]['line'],
 			'method' => __CLASS__ . '::' . __FUNCTION__,
-			'result' => $auth );
+			'result' => $auth
 		);
 		phpCAS :: traceEnd($auth);
 		return $auth;
 	}
@ -1049,8 +1057,7 @@ class phpCAS
 	 * @return true if authenticated, false otherwise.
 	 * @since 0.4.22 by Brendan Arnold
 	 */
-	function isSessionAuthenticated ()
+	function isSessionAuthenticated() {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1065,8 +1072,7 @@ class phpCAS
 	 *
 	 * @return the login name of the authenticated user
 	 */
-	function getUser()
+	function getUser() {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1087,8 +1093,7 @@ class phpCAS
 	 *
 	 * @return the login name of the authenticated user
 	 */
-	function getAttributes()
+	function getAttributes() {
 		{
 		global $PHPCAS_CLIENT, $PHPCAS_AUTH_CHECK_CALL;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1104,8 +1109,7 @@ class phpCAS
 	/**
 	 * Handle logout requests.
 	 */
-    function handleLogoutRequests($check_client=true, $allowed_clients=false)
+	function handleLogoutRequests($check_client = true, $allowed_clients = false) {
        {
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1119,8 +1123,7 @@ class phpCAS
 	 *
 	 * @return the login name of the authenticated user
 	 */
-	function getServerLoginURL()
+	function getServerLoginURL() {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1133,8 +1136,7 @@ class phpCAS
 	 * @param $url the login URL
 	 * @since 0.4.21 by Wyman Chan
 	 */
-	function setServerLoginURL($url='')
+	function setServerLoginURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1149,14 +1151,13 @@ class phpCAS
 		phpCAS :: traceEnd();
 	}
 	/**
 	 * Set the serviceValidate URL of the CAS server.
 	 * Used only in CAS 1.0 validations
 	 * @param $url the serviceValidate URL
 	 * @since 1.1.0 by Joachim Fritschi
 	 */
-	function setServerServiceValidateURL($url='')
+	function setServerServiceValidateURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1171,14 +1172,13 @@ class phpCAS
 		phpCAS :: traceEnd();
 	}
 	/**
 	 * Set the proxyValidate URL of the CAS server.
 	 * Used for all CAS 2.0 validations
 	 * @param $url the proxyValidate URL
 	 * @since 1.1.0 by Joachim Fritschi
 	 */
-	function setServerProxyValidateURL($url='')
+	function setServerProxyValidateURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1198,8 +1198,7 @@ class phpCAS
 	 * @param $url the samlValidate URL
 	 * @since 1.1.0 by Joachim Fritschi
 	 */
-	function setServerSamlValidateURL($url='')
+	function setServerSamlValidateURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1220,8 +1219,7 @@ class phpCAS
 	 *
 	 * @return the login name of the authenticated user
 	 */
-	function getServerLogoutURL()
+	function getServerLogoutURL() {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should not be called before ' . __CLASS__ . '::client() or ' . __CLASS__ . '::proxy()');
@ -1234,8 +1232,7 @@ class phpCAS
 	 * @param $url the logout URL
 	 * @since 0.4.21 by Wyman Chan
 	 */
-	function setServerLogoutURL($url='')
+	function setServerLogoutURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1294,7 +1291,9 @@ class phpCAS
 		if (!is_string($service)) {
 			phpCAS :: error('type mismatched for parameter $service (should be `string\')');
 		}
-		$PHPCAS_CLIENT->logout(array("service" => $service));
+		$PHPCAS_CLIENT->logout(array (
 			"service" => $service
 		));
 		// never reached
 		phpCAS :: traceEnd();
 	}
@ -1312,7 +1311,9 @@ class phpCAS
 		if (!is_string($url)) {
 			phpCAS :: error('type mismatched for parameter $url (should be `string\')');
 		}
-		$PHPCAS_CLIENT->logout(array("url" => $url));
+		$PHPCAS_CLIENT->logout(array (
 			"url" => $url
 		));
 		// never reached
 		phpCAS :: traceEnd();
 	}
@ -1334,7 +1335,10 @@ class phpCAS
 		if (!is_string($url)) {
 			phpCAS :: error('type mismatched for parameter $url (should be `string\')');
 		}
-		$PHPCAS_CLIENT->logout(array("service" => $service, "url" => $url));
+		$PHPCAS_CLIENT->logout(array (
 			"service" => $service,
 			"url" => $url
 		));
 		// never reached
 		phpCAS :: traceEnd();
 	}
@ -1345,8 +1349,7 @@ class phpCAS
 	 *
 	 * @param $url the URL
 	 */
-	function setFixedCallbackURL($url='')
+	function setFixedCallbackURL($url = '') {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1368,8 +1371,7 @@ class phpCAS
 	 *
 	 * @param $url the URL
 	 */
-	function setFixedServiceURL($url)
+	function setFixedServiceURL($url) {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1385,8 +1387,7 @@ class phpCAS
 	/**
 	 * Get the URL that is set as the CAS service parameter.
 	 */
-	function getServiceURL()
+	function getServiceURL() {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
@ -1397,8 +1398,7 @@ class phpCAS
 	/**
 	 * Retrieve a Proxy Ticket from the CAS server.
 	 */
-	function retrievePT($target_service,&$err_code,&$err_msg)
+	function retrievePT($target_service, & $err_code, & $err_msg) {
 		{
 		global $PHPCAS_CLIENT;
 		if (!is_object($PHPCAS_CLIENT)) {
 			phpCAS :: error('this method should only be called after ' . __CLASS__ . '::proxy()');
@ -1414,8 +1414,7 @@ class phpCAS
 	 *
 	 * @param $cert the PEM certificate
 	 */
-	function setCasServerCert($cert)
+	function setCasServerCert($cert) {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1433,8 +1432,7 @@ class phpCAS
 	 *
 	 * @param $cert the CA certificate
 	 */
-	function setCasServerCACert($cert)
+	function setCasServerCACert($cert) {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1450,8 +1448,7 @@ class phpCAS
 	/**
 	 * Set no SSL validation for the CAS server.
 	 */
-	function setNoCasServerValidation()
+	function setNoCasServerValidation() {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1469,8 +1466,7 @@ class phpCAS
 	 * @param $key the option key
 	 * @param $value the value to set
 	 */
-   function setExtraCurlOption($key, $value)
+	function setExtraCurlOption($key, $value) {
 		{
 		global $PHPCAS_CLIENT;
 		phpCAS :: traceBegin();
 		if (!is_object($PHPCAS_CLIENT)) {
@ -1525,7 +1521,6 @@ class phpCAS
 /** @defgroup publicDebug Debugging
 *  @ingroup public */
 /** @defgroup internal Implementation */
 /** @defgroup internalAuthentication Authentication
@ -1609,7 +1604,7 @@ class phpCAS
 /**
 * @example example_gateway.php
 */
-
+/**
-
+ * @example example_custom_urls.php
-
+ */
 ?>
--- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php
+++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-db.php
@ -1,4 +1,32 @@
 <?php
 /*
 * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of the ESUP-Portail consortium & the JA-SIG
 *       Collaborative nor the names of its contributors may be used to endorse or
 *       promote products derived from this software without specific prior
 *       written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /**
 * @file CAS/PGTStorage/pgt-db.php
--- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php
+++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-file.php
@ -1,5 +1,32 @@
 <?php
 /*
 * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of the ESUP-Portail consortium & the JA-SIG
 *       Collaborative nor the names of its contributors may be used to endorse or
 *       promote products derived from this software without specific prior
 *       written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /**
 * @file CAS/PGTStorage/pgt-file.php
 * Basic class for PGT file storage
--- a/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php
+++ b/plugins/CasAuthentication/extlib/CAS/PGTStorage/pgt-main.php
@ -1,5 +1,32 @@
 <?php
 /*
 * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of the ESUP-Portail consortium & the JA-SIG
 *       Collaborative nor the names of its contributors may be used to endorse or
 *       promote products derived from this software without specific prior
 *       written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /**
 * @file CAS/PGTStorage/pgt-main.php
 * Basic class for PGT storage
--- a/plugins/CasAuthentication/extlib/CAS/client.php
+++ b/plugins/CasAuthentication/extlib/CAS/client.php
@ -1,5 +1,34 @@
 <?php
 /*
 * Copyright © 2003-2010, The ESUP-Portail consortium & the JA-SIG Collaborative.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice,
 *       this list of conditions and the following disclaimer in the documentation
 *       and/or other materials provided with the distribution.
 *     * Neither the name of the ESUP-Portail consortium & the JA-SIG
 *       Collaborative nor the names of its contributors may be used to endorse or
 *       promote products derived from this software without specific prior
 *       written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /**
 * @file CAS/client.php
 * Main class of the phpCAS library
@ -556,44 +585,20 @@ class CASClient
 		if (version_compare(PHP_VERSION,'5','>=') && ini_get('zend.ze1_compatibility_mode')) {
 			phpCAS::error('phpCAS cannot support zend.ze1_compatibility_mode. Sorry.');
 		}
 		$this->_start_session = $start_session;
 		if ($this->_start_session && session_id())
 		{
 			phpCAS :: error("Another session was started before phpcas. Either disable the session" .
 				" handling for phpcas in the client() call or modify your application to leave" .
 				" session handling to phpcas");			
 		}
 		// skip Session Handling for logout requests and if don't want it'
-		if ($start_session && !$this->isLogoutRequest()) {
+		if ($start_session && !$this->isLogoutRequest())
-			phpCAS::trace("Starting session handling");
+		{
-			// Check for Tickets from the CAS server
+			phpCAS :: trace("Starting a new session");
 			if (empty($_GET['ticket'])){
 				phpCAS::trace("No ticket found");
 				// only create a session if necessary
 				if (!isset($_SESSION)) {
 					phpCAS::trace("No session found, creating new session");
 			session_start();
 		}
 			}else{
 				phpCAS::trace("Ticket found");
 				// We have to copy any old data before renaming the session
 				if (isset($_SESSION)) {
 					phpCAS::trace("Old active session found, saving old data and destroying session");
 					$old_session = $_SESSION;
 					session_destroy();	
 				}else{
 					session_start();
 					phpCAS::trace("Starting possible old session to copy variables");
 					$old_session = $_SESSION;
 					session_destroy();	
 				}
 				// set up a new session, of name based on the ticket
 				$session_id = preg_replace('/[^\w]/','',$_GET['ticket']);
 				phpCAS::LOG("Session ID: " . $session_id);
 				session_id($session_id);
 				session_start();
 				// restore old session vars
 				if(isset($old_session)){
 					phpCAS::trace("Restoring old session vars");
 					$_SESSION = $old_session;
 				}
 			}
 		}else{
 			phpCAS::trace("Skipping session creation");
 		}
 		// are we in proxy mode ?
@ -667,12 +672,8 @@ class CASClient
 					}
 					break;
 				case CAS_VERSION_2_0: // check for a Service or Proxy Ticket
-					if (preg_match('/^ST-/', $ticket)) {
+					if( preg_match('/^[SP]T-/',$ticket) ) {
-						phpCAS::trace('ST \'' . $ticket . '\' found');
+						phpCAS::trace('ST or PT \''.$ticket.'\' found');
 						$this->setST($ticket);
 						unset ($_GET['ticket']);
 					} else if (preg_match('/^PT-/', $ticket)) {
 						phpCAS::trace('PT \'' . $ticket . '\' found');
 						$this->setPT($ticket);
 						unset($_GET['ticket']);
 					} else if ( !empty($ticket) ) {
@ -697,6 +698,57 @@ class CASClient
 	/** @} */
 	// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 	// XX                                                                    XX
 	// XX                           Session Handling                         XX
 	// XX                                                                    XX
 	// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 	/**
 	* A variable to whether phpcas will use its own session handling. Default = true
 	* @hideinitializer
 	* @private
 	*/
 	var $_start_session = true;
 	function setStartSession($session)
 	{
 		$this->_start_session = session;
 	}
 	function getStartSession($session)
 	{
 		$this->_start_session = session;
 	}
 		/**
 	 * Renaming the session 
 	 */
 	function renameSession($ticket)
 	{
 		phpCAS::traceBegin();
 		if($this->_start_session){
 			if (!empty ($this->_user))
 			{
 				$old_session = $_SESSION;
 				session_destroy();
 				// set up a new session, of name based on the ticket
 				$session_id = preg_replace('/[^\w]/', '', $ticket);
 				phpCAS :: trace("Session ID: ".$session_id);
 				session_id($session_id);
 				session_start();
 				phpCAS :: trace("Restoring old session vars");
 				$_SESSION = $old_session;
 			} else
 			{
 				phpCAS :: error('Session should only be renamed after successfull authentication');
 			}
 		}else{
 			phpCAS :: trace("Skipping session rename since phpCAS is not handling the session.");			
 		}
 		phpCAS::traceEnd();		
 	}	
 	// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 	// XX                                                                    XX
 	// XX                           AUTHENTICATION                           XX
@ -919,9 +971,16 @@ class CASClient
 		$validate_url = '';
 		if ( $this->wasPreviouslyAuthenticated() ) {
 			if($this->hasST() || $this->hasPT() || $this->hasSA()){
 				// User has a additional ticket but was already authenticated
 				phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
 				header('Location: '.$this->getURL());
 				phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() );
 			}else{
 				// the user has already (previously during the session) been
 				// authenticated, nothing to be done.
 				phpCAS::trace('user was already authenticated, no need to look for tickets');
 			}
 			$res = TRUE;
 		}
 		else {
@ -1072,29 +1131,6 @@ class CASClient
 		exit();
 	}
 //	/**
 //	 * This method is used to logout from CAS.
 //	 * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out)
 //	 * @public
 //	 */
 //	function logout($url = "") {
 //		phpCAS::traceBegin();
 //		$cas_url = $this->getServerLogoutURL();
 //		// v0.4.14 sebastien.gougeon at univ-rennes1.fr
 //		// header('Location: '.$cas_url);
 //		if ( $url != "" ) {
 //			// Adam Moore 1.0.0RC2
 //			$url = '?service=' . $url . '&url=' . $url;
 //		}
 //		header('Location: '.$cas_url . $url);
 //		session_unset();
 //		session_destroy();
 //		$this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
 //		printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
 //		$this->printHTMLFooter();
 //		phpCAS::traceExit();
 //		exit();
 //	}
 	/**
 	 * This method is used to logout from CAS.
@ -1156,6 +1192,9 @@ class CASClient
 			phpCAS::traceEnd();
 			return;
 		}
 		if(!$this->_start_session){
 			phpCAS::log("phpCAS can't handle logout requests if it does not manage the session.");
 		}
 		phpCAS::log("Logout requested");
 		phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
 		if ($check_client) {
@ -1192,7 +1231,12 @@ class CASClient
 		$session_id = preg_replace('/[^\w]/','',$ticket2logout);
 		phpCAS::log("Session id: ".$session_id);
-		// fix New session ID
+		// destroy a possible application session created before phpcas
 		if(session_id()){
 			session_unset();
 			session_destroy();
 		}
 		// fix session ID
 		session_id($session_id);
 		$_COOKIE[session_name()]=$session_id;
 		$_GET[session_name()]=$session_id;
@ -1322,7 +1366,7 @@ class CASClient
 	 * This method is used to validate a ST; halt on failure, and sets $validate_url,
 	 * $text_reponse and $tree_response on success. These parameters are used later
 	 * by CASClient::validatePGT() for CAS proxies.
-	 * 
+	 * Used for all CAS 1.0 validations
 	 * @param $validate_url the URL of the request to the CAS server.
 	 * @param $text_response the response of the CAS server, as is (XML text).
 	 * @param $tree_response the response of the CAS server, as a DOM XML tree.
@ -1338,7 +1382,7 @@ class CASClient
 		$validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST();
 		if ( $this->isProxy() ) {
 			// pass the callback url for CAS proxies
-			$validate_url .= '&pgtUrl='.$this->getCallbackURL();
+			$validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL());
 		}
 		// open and read the URL
@ -1434,7 +1478,7 @@ class CASClient
 				}
 				break;
 		}
-		
+		$this->renameSession($this->getST());
 		// at this step, ST has been validated and $this->_user has been set,
 		phpCAS::traceEnd(TRUE);
 		return TRUE;
@ -1524,7 +1568,7 @@ class CASClient
 				}
 				break;
 		}
-
+		$this->renameSession($this->getSA());
 		// at this step, ST has been validated and $this->_user has been set,
 		phpCAS::traceEnd(TRUE);
 		return TRUE;
@ -1535,7 +1579,7 @@ class CASClient
 	 * payload and put them into an array, then put the array into the session.
 	 *
 	 * @param $text_response the SAML payload.
-    * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
+	 * @return bool TRUE when successfull and FALSE if no attributes a found
 	 *
 	 * @private
 	 */
@ -1556,17 +1600,15 @@ class CASClient
 			$xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
 			$xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
 			$nodelist = $xPath->xpath_eval("//saml:Attribute");
 			if($nodelist){
 				$attrs = $nodelist->nodeset;
                   phpCAS::trace($text_response);
 				foreach($attrs as $attr){
 					$xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
 					$name = $attr->get_attribute("AttributeName");
 					$value_array = array();
 					foreach($xres->nodeset as $node){
 						$value_array[] = $node->get_content();
 					}
                      phpCAS::trace("* " . $name . "=" . $value_array);
 					$attr_array[$name] = $value_array;
 				}
 				$_SESSION[SAML_ATTRIBUTES] = $attr_array;
@ -1574,12 +1616,18 @@ class CASClient
 				foreach($attr_array as $attr_key => $attr_value) {
 					if(count($attr_value) > 1) {
 						$this->_attributes[$attr_key] = $attr_value;
 						phpCAS::trace("* " . $attr_key . "=" . $attr_value);
 					}
 					else {
 						$this->_attributes[$attr_key] = $attr_value[0];
 						phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
 					}
 				}
 				$result = TRUE;
 			}else{
 				phpCAS::trace("SAML Attributes are empty");
 				$result = FALSE;
 			}
 		}
 		phpCAS::traceEnd($result);
 		return $result;
@ -2236,6 +2284,7 @@ class CASClient
 	function serviceWeb($url,&$err_code,&$output)
 		{
 		phpCAS::traceBegin();
 		$cookies = array();
 		// at first retrieve a PT
 		$pt = $this->retrievePT($url,$err_code,$output);
@ -2248,7 +2297,8 @@ class CASClient
 			$res = FALSE;
 		} else {
 			// add cookies if necessary
-			if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
+			if ( isset($_SESSION['phpCAS']['services'][$url]['cookies']) && 
 					is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
 				foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) { 
 					$cookies[] = $name.'='.$val;
 				}
@ -2433,8 +2483,8 @@ class CASClient
 	 */  
 	/**
-	 * This method is used to validate a PT; halt on failure
+	 * This method is used to validate a ST or PT; halt on failure
-	 * 
+	 * Used for all CAS 2.0 validations
 	 * @return bool TRUE when successfull, halt otherwise by calling CASClient::authError().
 	 *
 	 * @private
@ -2447,7 +2497,7 @@ class CASClient
 		if ( $this->isProxy() ) {
 			// pass the callback url for CAS proxies
-			$validate_url .= '&pgtUrl='.$this->getCallbackURL();
+			$validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL());
 		}
 		// open and read the URL
@ -2514,6 +2564,7 @@ class CASClient
 				$text_response);
 		}
 		$this->renameSession($this->getPT());
 		// at this step, PT has been validated and $this->_user has been set,
 		phpCAS::traceEnd(TRUE);
@ -2586,26 +2637,44 @@ class CASClient
 				}
 			}
-			$php_is_for_sissies = split("\?", $_SERVER['REQUEST_URI'], 2);
+			$request_uri	= explode('?', $_SERVER['REQUEST_URI'], 2);
-			$final_uri .= $php_is_for_sissies[0];
+			$final_uri		.= $request_uri[0];
-			if(sizeof($php_is_for_sissies) > 1){
+			
-				$cgi_params = '?' . $php_is_for_sissies[1];
+			if (isset($request_uri[1]) && $request_uri[1])
-			} else {
+			{
-				$cgi_params = '?';
+				$query_string	= $this->removeParameterFromQueryString('ticket', $request_uri[1]);
 				// If the query string still has anything left, append it to the final URI
 				if ($query_string !== '')
 					$final_uri	.= "?$query_string";
 			}
-			// remove the ticket if present in the CGI parameters
+			
-			$cgi_params = preg_replace('/&ticket=[^&]*/','',$cgi_params);
+			phpCAS::trace("Final URI: $final_uri");
 			$cgi_params = preg_replace('/\?ticket=[^&;]*/','?',$cgi_params);
 			$cgi_params = preg_replace('/\?%26/','?',$cgi_params);
 			$cgi_params = preg_replace('/\?&/','?',$cgi_params);
 			$cgi_params = preg_replace('/\?$/','',$cgi_params);
 			$final_uri .= $cgi_params;
 			$this->setURL($final_uri);
 		}
 		phpCAS::traceEnd($this->_url);
 		return $this->_url;
 	}
 	/**
 	 * Removes a parameter from a query string
 	 * 
 	 * @param string $parameterName 
 	 * @param string $queryString
 	 * @return string
 	 *
 	 * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string
 	 */
 	function removeParameterFromQueryString($parameterName, $queryString)
 	{
 		$parameterName	= preg_quote($parameterName);
 		return preg_replace("/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", '', $queryString);
 	}
 	/**
 	 * This method sets the URL of the current request 
 	 *
@ -2641,7 +2710,7 @@ class CASClient
 		phpCAS::traceBegin();
 		$this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
-		printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),$this->getURL(),$_SERVER['SERVER_ADMIN']);
+		printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED),htmlentities($this->getURL()),$_SERVER['SERVER_ADMIN']);
 		phpCAS::trace('CAS URL: '.$cas_url);
 		phpCAS::trace('Authentication failure: '.$failure);
 		if ( $no_response ) {