From 6921b9d4334b01c778e68093434026c7c541b87d Mon Sep 17 00:00:00 2001
From: Andrew Engelbrecht <andrew@fsf.org>
Date: Fri, 7 Jan 2022 12:20:14 -0500
Subject: [PATCH] check whether $result is a string

stream_get_contents() might return false, and we should not implicitly
convert that to a string
---
 lib/Auth/Source/FSFDrupalAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Auth/Source/FSFDrupalAuth.php b/lib/Auth/Source/FSFDrupalAuth.php
index 617788e..dc3373e 100644
--- a/lib/Auth/Source/FSFDrupalAuth.php
+++ b/lib/Auth/Source/FSFDrupalAuth.php
@@ -179,7 +179,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
                 $errors_found_yet = true;
             }
     
-            return (!$errors_found_yet && rtrim($result) == "true");
+            return (!$errors_found_yet && is_string($result) && rtrim($result) == "true");
 
         } else {
 
-- 
2.25.1