Add some more validation

Author: tvdijen

src/Server.php

@@ -8,6 +8,7 @@
 use SimpleSAML\Configuration;
 use SimpleSAML\Error;
 use SimpleSAML\Logger;
+use SimpleSAML\SAML2\Exception\ProtocolViolationException;
 use SimpleSAML\Utils;
 
 /**
@@ -264,6 +265,7 @@ private static function get(string $parameter): ?array
             return null;
         }
         $message = (string) $_REQUEST[$parameter];
+        Assert::validBase64($message, ProtocolViolationException::class);
 
         $message = @base64_decode($message);
         if ($message === false) {
@@ -375,8 +377,10 @@ private function getCDC(): array
         }
 
         $ret = (string) $_COOKIE['_saml_idp'];
+
         $ret = explode(' ', $ret);
         foreach ($ret as &$idp) {
+            Assert::validBase64($idp, ProtocolViolationException::class);
             $idp = base64_decode($idp);
             if ($idp === false) {
                 // Not properly base64 encoded

tests/src/Controller/CDCTest.php

@@ -57,9 +57,10 @@ public static function setUpBeforeClass(): void
             'simplesaml',
         );
 
-        self::$session = Session::getSessionFromRequest();
-
         Configuration::setPreLoadedConfig(self::$config, 'config.php');
+
+        $_SERVER['REQUEST_URI'] = '/resume';
+        self::$session = Session::getSessionFromRequest();
     }
 
 
@@ -86,7 +87,6 @@ public function testResumeDomainDefaultKey(): void
             'simplesaml',
         );
 
-
         $request = Request::create(
             '/resume',
             'GET',