[TASK] openid: Update php-openid to 2.2.2
authorStefan Neufeind <typo3.neufeind@speedpartner.de>
Sat, 20 Oct 2012 22:42:19 +0000 (00:42 +0200)
committerDmitry Dulepov <dmitry@typo3.org>
Tue, 30 Oct 2012 12:25:57 +0000 (13:25 +0100)
Update to current version.
Github-version contains several small
fixes / cleanups, so a current
checkout was used here.

Change-Id: Ia7006af0ebf651f7a76395e8a684c81c2b37b888
Resolves: #42236
Releases: 6.0
Reviewed-on: http://review.typo3.org/15847
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
43 files changed:
typo3/sysext/openid/lib/php-openid/Auth/OpenID.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/AX.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Association.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/BigMath.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/CryptUtil.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/DatabaseConnection.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/DiffieHellman.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Discover.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/DumbStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Extension.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/FileStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/HMAC.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Interface.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/KVForm.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/MDB2Store.php [new file with mode: 0644]
typo3/sysext/openid/lib/php-openid/Auth/OpenID/MemcachedStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Message.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/MySQLStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Nonce.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/PAPE.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Parse.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/PostgreSQLStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/SQLStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/SQLiteStore.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/SReg.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/Server.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/ServerRequest.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/TrustRoot.php
typo3/sysext/openid/lib/php-openid/Auth/OpenID/URINorm.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/HTTPFetcher.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/Manager.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/Misc.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/ParanoidHTTPFetcher.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/ParseHTML.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/PlainHTTPFetcher.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/XML.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/XRDS.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/XRI.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/XRIRes.php
typo3/sysext/openid/lib/php-openid/Auth/Yadis/Yadis.php
typo3/sysext/openid/lib/php-openid/README.txt
typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch

index 8d53e1d..c9d9779 100644 (file)
@@ -20,7 +20,7 @@
 /**
  * The library version string
  */
-define('Auth_OpenID_VERSION', '2.1.2');
+define('Auth_OpenID_VERSION', '2.2.2');
 
 /**
  * Require the fetcher code.
@@ -102,9 +102,7 @@ define('Auth_OpenID_digits',
 define('Auth_OpenID_punct',
        "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
 
-if (Auth_OpenID_getMathLib() === null) {
-    Auth_OpenID_setNoMathSupport();
-}
+Auth_OpenID_include_init();
 
 /**
  * The OpenID utility function class.
@@ -120,7 +118,7 @@ class Auth_OpenID {
      *
      * @access private
      */
-    function isFailure($thing)
+    static function isFailure($thing)
     {
         return is_a($thing, 'Auth_OpenID_FailureResponse');
     }
@@ -139,9 +137,12 @@ class Auth_OpenID {
      * Returns an empty array if neither GET nor POST was used, or if
      * POST was used but php://input cannot be opened.
      *
+     * See background:
+     * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
+     *
      * @access private
      */
-    function getQuery($query_str=null)
+    static function getQuery($query_str=null)
     {
         $data = array();
 
@@ -177,7 +178,7 @@ class Auth_OpenID {
         return $data;
     }
 
-    function params_from_string($str)
+    static function params_from_string($str)
     {
         $chunks = explode("&", $str);
 
@@ -190,7 +191,7 @@ class Auth_OpenID {
             }
 
             list($k, $v) = $parts;
-            $data[$k] = urldecode($v);
+            $data[urldecode($k)] = urldecode($v);
         }
 
         return $data;
@@ -203,7 +204,7 @@ class Auth_OpenID {
      *
      * @access private
      */
-    function ensureDir($dir_name)
+    static function ensureDir($dir_name)
     {
         if (is_dir($dir_name) || @mkdir($dir_name)) {
             return true;
@@ -225,7 +226,7 @@ class Auth_OpenID {
      *
      * @access private
      */
-    function addPrefix($values, $prefix)
+    static function addPrefix($values, $prefix)
     {
         $new_values = array();
         foreach ($values as $s) {
@@ -241,7 +242,7 @@ class Auth_OpenID {
      *
      * @access private
      */
-    function arrayGet($arr, $key, $fallback = null)
+    static function arrayGet($arr, $key, $fallback = null)
     {
         if (is_array($arr)) {
             if (array_key_exists($key, $arr)) {
@@ -261,7 +262,7 @@ class Auth_OpenID {
     /**
      * Replacement for PHP's broken parse_str.
      */
-    function parse_str($query)
+    static function parse_str($query)
     {
         if ($query === null) {
             return null;
@@ -278,7 +279,7 @@ class Auth_OpenID {
             }
 
             list($key, $value) = $pair;
-            $new_parts[$key] = urldecode($value);
+            $new_parts[urldecode($key)] = urldecode($value);
         }
 
         return $new_parts;
@@ -295,7 +296,7 @@ class Auth_OpenID {
      * pairs from $data into a URL query string
      * (e.g. "username=bob&id=56").
      */
-    function httpBuildQuery($data)
+    static function httpBuildQuery($data)
     {
         $pairs = array();
         foreach ($data as $key => $value) {
@@ -323,7 +324,7 @@ class Auth_OpenID {
      * @return string $url The original URL with the new parameters added.
      *
      */
-    function appendArgs($url, $args)
+    static function appendArgs($url, $args)
     {
         if (count($args) == 0) {
             return $url;
@@ -367,7 +368,7 @@ class Auth_OpenID {
      * @return string $url The URL resulting from assembling the
      * specified components.
      */
-    function urlunparse($scheme, $host, $port = null, $path = '/',
+    static function urlunparse($scheme, $host, $port = null, $path = '/',
                         $query = '', $fragment = '')
     {
 
@@ -412,7 +413,7 @@ class Auth_OpenID {
      * @return mixed $new_url The URL after normalization, or null if
      * $url was malformed.
      */
-    function normalizeUrl($url)
+    static function normalizeUrl($url)
     {
         @$parsed = parse_url($url);
 
@@ -443,7 +444,7 @@ class Auth_OpenID {
      *
      * @access private
      */
-    function intval($value)
+    static function intval($value)
     {
         $re = "/^\\d+$/";
 
@@ -461,7 +462,7 @@ class Auth_OpenID {
      * @param string $str The string of bytes to count.
      * @return int The number of bytes in $str.
      */
-    function bytes($str)
+    static function bytes($str)
     {
         return strlen(bin2hex($str)) / 2;
     }
@@ -470,7 +471,7 @@ class Auth_OpenID {
      * Get the bytes in a string independently of multibyte support
      * conditions.
      */
-    function toBytes($str)
+    static function toBytes($str)
     {
         $hex = bin2hex($str);
 
@@ -486,7 +487,7 @@ class Auth_OpenID {
         return $b;
     }
 
-    function urldefrag($url)
+    static function urldefrag($url)
     {
         $parts = explode("#", $url, 2);
 
@@ -497,7 +498,7 @@ class Auth_OpenID {
         }
     }
 
-    function filter($callback, &$sequence)
+    static function filter($callback, &$sequence)
     {
         $result = array();
 
@@ -510,7 +511,7 @@ class Auth_OpenID {
         return $result;
     }
 
-    function update(&$dest, &$src)
+    static function update(&$dest, &$src)
     {
         foreach ($src as $k => $v) {
             $dest[$k] = $v;
@@ -524,14 +525,14 @@ class Auth_OpenID {
      *
      * @param string $format_string The sprintf format for the message
      */
-    function log($format_string)
+    static function log($format_string)
     {
         $args = func_get_args();
         $message = call_user_func_array('sprintf', $args);
         error_log($message);
     }
 
-    function autoSubmitHTML($form, $title="OpenId transaction in progress")
+    static function autoSubmitHTML($form, $title="OpenId transaction in progress")
     {
         return("<html>".
                "<head><title>".
@@ -549,4 +550,14 @@ class Auth_OpenID {
                "</html>");
     }
 }
-?>
\ No newline at end of file
+
+/*
+ * Function to run when this file is included.
+ * Abstracted to a function to make life easier
+ * for some PHP optimizers.
+ */
+function Auth_OpenID_include_init() {
+  if (Auth_OpenID_getMathLib() === null) {
+    Auth_OpenID_setNoMathSupport();
+  }
+}
index 107f52b..7370715 100644 (file)
@@ -38,7 +38,7 @@ class Auth_OpenID_AX {
      * @return bool true if $thing is an Auth_OpenID_AX_Error; false
      * if not.
      */
-    function isError($thing)
+    static function isError($thing)
     {
         return is_a($thing, 'Auth_OpenID_AX_Error');
     }
@@ -191,7 +191,7 @@ class Auth_OpenID_AX_AttrInfo {
      * Construct an attribute information object.  For parameter
      * details, see the constructor.
      */
-    function make($type_uri, $count=1, $required=false,
+    static function make($type_uri, $count=1, $required=false,
                   $alias=null)
     {
         if ($alias !== null) {
@@ -386,7 +386,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
      * Auth_OpenID_AX_FetchRequest extracted from the request message if
      * successful
      */
-    function &fromOpenIDRequest($request)
+    static function fromOpenIDRequest($request)
     {
         $m = $request->message;
         $obj = new Auth_OpenID_AX_FetchRequest();
@@ -484,7 +484,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
                          Auth_OpenID::arrayGet($ax_args, 'required'));
 
         foreach ($required as $type_uri) {
-            $attrib =& $this->requested_attributes[$type_uri];
+            $attrib = $this->requested_attributes[$type_uri];
             $attrib->required = true;
         }
 
@@ -573,7 +573,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
      * @param type_uri: The URI for the attribute
      * @param values: A list of values to send for this attribute.
      */
-    function setValues($type_uri, $values)
+    function setValues($type_uri, &$values)
     {
         $this->data[$type_uri] =& $values;
     }
@@ -652,7 +652,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
         foreach ($aliases->iteritems() as $pair) {
             list($type_uri, $alias) = $pair;
 
-            if (array_key_exists('count.' . $alias, $ax_args)) {
+            if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
 
                 $count_key = 'count.' . $alias;
                 $count_s = $ax_args[$count_key];
@@ -922,7 +922,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
      * @return $response A FetchResponse containing the data from the
      * OpenID message
      */
-    function fromSuccessResponse($success_response, $signed=true)
+    static function fromSuccessResponse($success_response, $signed=true)
     {
         $obj = new Auth_OpenID_AX_FetchResponse();
         if ($signed) {
@@ -980,7 +980,7 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
      * Returns Auth_OpenID_AX_Error on error or an
      * Auth_OpenID_AX_StoreResponse object on success.
      */
-    function &make($succeeded=true, $error_message=null)
+    function make($succeeded=true, $error_message=null)
     {
         if (($succeeded) && ($error_message !== null)) {
             return new Auth_OpenID_AX_Error('An error message may only be '.
@@ -1020,4 +1020,3 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
     }
 }
 
-?>
\ No newline at end of file
index 83bdd98..2729138 100644 (file)
@@ -94,7 +94,7 @@ class Auth_OpenID_Association {
      * @return association An {@link Auth_OpenID_Association}
      * instance.
      */
-    function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
+    static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
     {
         $issued = time();
         $lifetime = $expires_in;
@@ -132,7 +132,7 @@ class Auth_OpenID_Association {
         $handle, $secret, $issued, $lifetime, $assoc_type)
     {
         if (!in_array($assoc_type,
-                      Auth_OpenID_getSupportedAssociationTypes())) {
+                      Auth_OpenID_getSupportedAssociationTypes(), true)) {
             $fmt = 'Unsupported association type (%s)';
             trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
         }
@@ -206,7 +206,7 @@ class Auth_OpenID_Association {
      * @param string $assoc_s Association as serialized by serialize()
      * @return Auth_OpenID_Association $result instance of this class
      */
-    function deserialize($class_name, $assoc_s)
+    static function deserialize($class_name, $assoc_s)
     {
         $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
         $keys = array();
@@ -374,7 +374,7 @@ class Auth_OpenID_Association {
         }
 
         $calculated_sig = $this->getMessageSignature($message);
-        return $calculated_sig == $sig;
+        return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
     }
 }
 
@@ -469,18 +469,16 @@ function Auth_OpenID_getOnlyEncryptedOrder()
     return $result;
 }
 
-function &Auth_OpenID_getDefaultNegotiator()
+function Auth_OpenID_getDefaultNegotiator()
 {
-    $x = new Auth_OpenID_SessionNegotiator(
+    return new Auth_OpenID_SessionNegotiator(
                  Auth_OpenID_getDefaultAssociationOrder());
-    return $x;
 }
 
-function &Auth_OpenID_getEncryptedNegotiator()
+function Auth_OpenID_getEncryptedNegotiator()
 {
-    $x = new Auth_OpenID_SessionNegotiator(
+    return new Auth_OpenID_SessionNegotiator(
                  Auth_OpenID_getOnlyEncryptedOrder());
-    return $x;
 }
 
 /**
@@ -610,4 +608,3 @@ class Auth_OpenID_SessionNegotiator {
     }
 }
 
-?>
\ No newline at end of file
index 83c4e18..58b46bf 100644 (file)
@@ -351,8 +351,7 @@ function Auth_OpenID_math_extensions()
                   'class' => 'Auth_OpenID_GmpMathWrapper');
     }
 
-    $result[] = array(
-                      'modules' => array('bcmath', 'php_bcmath'),
+    $result[] = array('modules' => array('bcmath', 'php_bcmath'),
                       'extension' => 'bcmath',
                       'class' => 'Auth_OpenID_BcMathWrapper');
 
@@ -365,29 +364,9 @@ function Auth_OpenID_math_extensions()
 function Auth_OpenID_detectMathLibrary($exts)
 {
     $loaded = false;
-    $hasDl = function_exists('dl');
 
     foreach ($exts as $extension) {
-        // See if the extension specified is already loaded.
-        if ($extension['extension'] &&
-            extension_loaded($extension['extension'])) {
-            $loaded = true;
-        }
-
-        // Try to load dynamic modules.
-        if (!$loaded && $hasDl) {
-            foreach ($extension['modules'] as $module) {
-                if (@dl($module . "." . PHP_SHLIB_SUFFIX)) {
-                    $loaded = true;
-                    break;
-                }
-            }
-        }
-
-        // If the load succeeded, supply an instance of
-        // Auth_OpenID_MathWrapper which wraps the specified
-        // module's functionality.
-        if ($loaded) {
+        if (extension_loaded($extension['extension'])) {
             return $extension;
         }
     }
@@ -406,7 +385,7 @@ function Auth_OpenID_detectMathLibrary($exts)
  * instance of a wrapper for that extension module.  If no extension
  * module is found, an instance of {@link Auth_OpenID_MathWrapper} is
  * returned, which wraps the native PHP integer implementation.  The
- * proper calling convention for this method is $lib =&
+ * proper calling convention for this method is $lib =
  * Auth_OpenID_getMathLib().
  *
  * This function checks for the existence of specific long number
@@ -417,7 +396,7 @@ function Auth_OpenID_detectMathLibrary($exts)
  *
  * @package OpenID
  */
-function &Auth_OpenID_getMathLib()
+function Auth_OpenID_getMathLib()
 {
     // The instance of Auth_OpenID_MathWrapper that we choose to
     // supply will be stored here, so that subseqent calls to this
@@ -469,4 +448,4 @@ function Auth_OpenID_noMathSupport()
     return defined('Auth_OpenID_NO_MATH_SUPPORT');
 }
 
-?>
\ No newline at end of file
+
index 5cc69c0..d562e33 100644 (file)
@@ -29,7 +29,7 @@
  * identity check.
  *
  * LIBRARY DESIGN
- *
+ * 
  * This consumer library is designed with that flow in mind.  The goal
  * is to make it as easy as possible to perform the above steps
  * securely.
@@ -265,7 +265,7 @@ class Auth_OpenID_Consumer {
             $session = new Auth_Yadis_PHPSession();
         }
 
-        $this->session =& $session;
+        $this->session = $session;
 
         if ($consumer_cls !== null) {
             $this->consumer = new $consumer_cls($store);
@@ -339,7 +339,7 @@ class Auth_OpenID_Consumer {
                                            $this->consumer->fetcher);
 
         // Reset the 'stale' attribute of the manager.
-        $m =& $disco->getManager();
+        $m = $disco->getManager();
         if ($m) {
             $m->stale = false;
             $disco->session->set($disco->session_key,
@@ -370,7 +370,7 @@ class Auth_OpenID_Consumer {
      * @return Auth_OpenID_AuthRequest $auth_request An OpenID
      * authentication request object.
      */
-    function &beginWithoutDiscovery($endpoint, $anonymous=false)
+    function beginWithoutDiscovery($endpoint, $anonymous=false)
     {
         $loader = new Auth_OpenID_ServiceEndpointLoader();
         $auth_req = $this->consumer->begin($endpoint);
@@ -427,7 +427,7 @@ class Auth_OpenID_Consumer {
             $loader->fromSession($endpoint_data);
 
         $message = Auth_OpenID_Message::fromPostArgs($query);
-        $response = $this->consumer->complete($message, $endpoint,
+        $response = $this->consumer->complete($message, $endpoint, 
                                               $current_url);
         $this->session->del($this->_token_key);
 
@@ -467,7 +467,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
 
     function getRequest()
     {
-        $math =& Auth_OpenID_getMathLib();
+        $math = Auth_OpenID_getMathLib();
 
         $cpub = $math->longToBase64($this->dh->public);
 
@@ -496,7 +496,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
             return null;
         }
 
-        $math =& Auth_OpenID_getMathLib();
+        $math = Auth_OpenID_getMathLib();
 
         $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
                                                       'dh_server_public'));
@@ -613,9 +613,9 @@ class Auth_OpenID_GenericConsumer {
      */
     function Auth_OpenID_GenericConsumer($store)
     {
-        $this->store =& $store;
-        $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
-        $this->_use_assocs = ($this->store ? true : false);
+        $this->store = $store;
+        $this->negotiator = Auth_OpenID_getDefaultNegotiator();
+        $this->_use_assocs = (is_null($this->store) ? false : true);
 
         $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
 
@@ -666,7 +666,7 @@ class Auth_OpenID_GenericConsumer {
                                         '_completeInvalid');
 
         return call_user_func_array(array($this, $method),
-                                    array($message, $endpoint, $return_to));
+                                    array($message, &$endpoint, $return_to));
     }
 
     /**
@@ -957,11 +957,11 @@ class Auth_OpenID_GenericConsumer {
             }
 
             if (!$assoc->checkMessageSignature($message)) {
-                               // If we get a "bad signature" here, it means that the association
-                               // is unrecoverabley corrupted in some way. Any futher attempts
-                               // to login with this association is likely to fail. Drop it.
-                               $this->store->removeAssociation($server_url, $assoc_handle);
-                               return new Auth_OpenID_FailureResponse(null,
+                // If we get a "bad signature" here, it means that the association
+                // is unrecoverabley corrupted in some way. Any futher attempts
+                // to login with this association is likely to fail. Drop it.
+                $this->store->removeAssociation($server_url, $assoc_handle);
+                return new Auth_OpenID_FailureResponse(null,
                                                        "Bad signature");
             }
         } else {
@@ -1182,12 +1182,12 @@ class Auth_OpenID_GenericConsumer {
      */
     function _discoverAndVerify($claimed_id, $to_match_endpoints)
     {
-
-
         // oidutil.log('Performing discovery on %s' % (claimed_id,))
-        list($unused, $services) = call_user_func($this->discoverMethod,
-                                                  $claimed_id,
-                                                  $this->fetcher);
+        list($unused, $services) = call_user_func_array($this->discoverMethod,
+                                                        array(
+                                                            $claimed_id,
+                                                            &$this->fetcher,
+                                                        ));
 
         if (!$services) {
             return new Auth_OpenID_FailureResponse(null,
@@ -1202,7 +1202,7 @@ class Auth_OpenID_GenericConsumer {
     /**
      * @access private
      */
-    function _verifyDiscoveryServices($claimed_id,
+    function _verifyDiscoveryServices($claimed_id, 
                                       $services, $to_match_endpoints)
     {
         // Search the services resulting from discovery to find one
@@ -1210,7 +1210,7 @@ class Auth_OpenID_GenericConsumer {
 
         foreach ($services as $endpoint) {
             foreach ($to_match_endpoints as $to_match_endpoint) {
-                $result = $this->_verifyDiscoverySingle($endpoint,
+                $result = $this->_verifyDiscoverySingle($endpoint, 
                                                         $to_match_endpoint);
 
                 if (!Auth_OpenID::isFailure($result)) {
@@ -1222,8 +1222,8 @@ class Auth_OpenID_GenericConsumer {
         }
 
         return new Auth_OpenID_FailureResponse(null,
-          sprintf('No matching endpoint found after discovering %s',
-                  $claimed_id));
+          sprintf('No matching endpoint found after discovering %s: %s',
+                  $claimed_id, $result->message));
     }
 
     /**
@@ -1301,7 +1301,8 @@ class Auth_OpenID_GenericConsumer {
             Auth_OpenID_OPENID2_NS => array_merge($basic_sig_fields,
                                                   array('response_nonce',
                                                         'claimed_id',
-                                                        'assoc_handle')),
+                                                        'assoc_handle',
+                                                        'op_endpoint')),
             Auth_OpenID_OPENID1_NS => array_merge($basic_sig_fields,
                                                   array('nonce'))
             );
@@ -1367,7 +1368,7 @@ class Auth_OpenID_GenericConsumer {
             }
         }
         $ca_message = $message->copy();
-        $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode',
+        $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', 
                             'check_authentication');
         return $ca_message;
     }
@@ -1402,7 +1403,7 @@ class Auth_OpenID_GenericConsumer {
      *
      * @access private
      */
-    function _httpResponseToMessage($response, $server_url)
+    static function _httpResponseToMessage($response, $server_url)
     {
         // Should this function be named Message.fromHTTPResponse instead?
         $response_message = Auth_OpenID_Message::fromKVForm($response->body);
@@ -1605,7 +1606,7 @@ class Auth_OpenID_GenericConsumer {
 
         $expires_in = Auth_OpenID::intval($expires_in_str);
         if ($expires_in === false) {
-
+            
             $err = sprintf("Could not parse expires_in from association ".
                            "response %s", print_r($assoc_response, true));
             return new Auth_OpenID_FailureResponse(null, $err);
@@ -1756,7 +1757,7 @@ class Auth_OpenID_AuthRequest {
     function Auth_OpenID_AuthRequest($endpoint, $assoc)
     {
         $this->assoc = $assoc;
-        $this->endpoint =& $endpoint;
+        $this->endpoint = $endpoint;
         $this->return_to_args = array();
         $this->message = new Auth_OpenID_Message(
             $endpoint->preferredNamespace());
@@ -1952,7 +1953,7 @@ class Auth_OpenID_AuthRequest {
     function htmlMarkup($realm, $return_to=null, $immediate=false,
                         $form_tag_attrs=null)
     {
-        $form = $this->formMarkup($realm, $return_to, $immediate,
+        $form = $this->formMarkup($realm, $return_to, $immediate, 
                                   $form_tag_attrs);
 
         if (Auth_OpenID::isFailure($form)) {
@@ -2094,7 +2095,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse {
 
         foreach ($msg_args as $key => $value) {
             if (!$this->isSigned($ns_uri, $key)) {
-                return null;
+                unset($msg_args[$key]);
             }
         }
 
@@ -2172,7 +2173,7 @@ class Auth_OpenID_ServerErrorContainer {
     /**
      * @access private
      */
-    function fromMessage($message)
+    static function fromMessage($message)
     {
         $error_text = $message->getArg(
            Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
@@ -2232,4 +2233,4 @@ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse {
     }
 }
 
-?>
\ No newline at end of file
+
index aacc3cd..3c60cea 100644 (file)
@@ -37,7 +37,7 @@ class Auth_OpenID_CryptUtil {
      * @param int $num_bytes The length of the return value
      * @return string $bytes random bytes
      */
-    function getBytes($num_bytes)
+    static function getBytes($num_bytes)
     {
         static $f = null;
         $bytes = '';
@@ -77,7 +77,7 @@ class Auth_OpenID_CryptUtil {
      * @return string $result A string of randomly-chosen characters
      * from $chrs
      */
-    function randomString($length, $population = null)
+    static function randomString($length, $population = null)
     {
         if ($population === null) {
             return Auth_OpenID_CryptUtil::getBytes($length);
@@ -104,6 +104,19 @@ class Auth_OpenID_CryptUtil {
 
         return $str;
     }
+
+    static function constEq($s1, $s2)
+    {
+        if (strlen($s1) != strlen($s2)) {
+            return false;
+        }
+
+        $result = true;
+        $length = strlen($s1);
+        for ($i = 0; $i < $length; $i++) {
+            $result &= ($s1[$i] == $s2[$i]);
+        }
+        return $result;
+    }
 }
 
-?>
\ No newline at end of file
index 699669f..3e25b7d 100644 (file)
@@ -51,9 +51,9 @@ class Auth_OpenID_DiffieHellman {
                                        $private = null, $lib = null)
     {
         if ($lib === null) {
-            $this->lib =& Auth_OpenID_getMathLib();
+            $this->lib = Auth_OpenID_getMathLib();
         } else {
-            $this->lib =& $lib;
+            $this->lib = $lib;
         }
 
         if ($mod === null) {
@@ -110,4 +110,4 @@ class Auth_OpenID_DiffieHellman {
     }
 }
 
-?>
\ No newline at end of file
+
index abf6938..7b0c640 100644 (file)
@@ -28,8 +28,34 @@ function Auth_OpenID_getOpenIDTypeURIs()
                  Auth_OpenID_TYPE_2_0,
                  Auth_OpenID_TYPE_1_2,
                  Auth_OpenID_TYPE_1_1,
-                 Auth_OpenID_TYPE_1_0,
-                 Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+                 Auth_OpenID_TYPE_1_0);
+}
+
+function Auth_OpenID_getOpenIDConsumerTypeURIs()
+{
+    return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+}
+
+
+/*
+ * Provides a user-readable interpretation of a type uri.
+ * Useful for error messages.
+ */
+function Auth_OpenID_getOpenIDTypeName($type_uri) {
+    switch ($type_uri) {
+    case Auth_OpenID_TYPE_2_0_IDP:
+      return 'OpenID 2.0 IDP';
+    case Auth_OpenID_TYPE_2_0:
+      return 'OpenID 2.0';
+    case Auth_OpenID_TYPE_1_2:
+      return 'OpenID 1.2';
+    case Auth_OpenID_TYPE_1_1:
+      return 'OpenID 1.1';
+    case Auth_OpenID_TYPE_1_0:
+      return 'OpenID 1.0';
+    case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
+      return 'OpenID relying party';
+    }
 }
 
 /**
@@ -124,7 +150,7 @@ class Auth_OpenID_ServiceEndpoint {
         return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
     }
 
-    function fromOPEndpointURL($op_endpoint_url)
+    static function fromOPEndpointURL($op_endpoint_url)
     {
         // Construct an OP-Identifier OpenIDServiceEndpoint object for
         // a given OP Endpoint URL
@@ -172,17 +198,36 @@ class Auth_OpenID_ServiceEndpoint {
     }
 
     /*
-     * Parse the given document as XRDS looking for OpenID services.
+     * Parse the given document as XRDS looking for OpenID consumer services.
      *
      * @return array of Auth_OpenID_ServiceEndpoint or null if the
      * document cannot be parsed.
      */
-    function fromXRDS($uri, $xrds_text)
+    function consumerFromXRDS($uri, $xrds_text)
     {
         $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
 
         if ($xrds) {
             $yadis_services =
+              $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
+            return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
+        }
+
+        return null;
+    }
+
+    /*
+     * Parse the given document as XRDS looking for OpenID services.
+     *
+     * @return array of Auth_OpenID_ServiceEndpoint or null if the
+     * document cannot be parsed.
+     */
+    static function fromXRDS($uri, $xrds_text)
+    {
+        $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
+
+        if ($xrds) {
+            $yadis_services =
               $xrds->services(array('filter_MatchesAnyOpenIDType'));
             return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
         }
@@ -197,7 +242,7 @@ class Auth_OpenID_ServiceEndpoint {
      * @return array of Auth_OpenID_ServiceEndpoint or null if
      * endpoints cannot be created.
      */
-    function fromDiscoveryResult($discoveryResult)
+    static function fromDiscoveryResult($discoveryResult)
     {
         if ($discoveryResult->isXRDS()) {
             return Auth_OpenID_ServiceEndpoint::fromXRDS(
@@ -210,7 +255,7 @@ class Auth_OpenID_ServiceEndpoint {
         }
     }
 
-    function fromHTML($uri, $html)
+    static function fromHTML($uri, $html)
     {
         $discovery_types = array(
                                  array(Auth_OpenID_TYPE_2_0,
@@ -273,7 +318,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
     $service->parser->registerNamespace('xrd',
                                         Auth_Yadis_XMLNS_XRD_2_0);
 
-    $parser =& $service->parser;
+    $parser = $service->parser;
 
     $permitted_tags = array();
 
@@ -318,6 +363,19 @@ function filter_MatchesAnyOpenIDType($service)
     return false;
 }
 
+function filter_MatchesAnyOpenIDConsumerType(&$service)
+{
+    $uris = $service->getTypes();
+
+    foreach ($uris as $uri) {
+        if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 function Auth_OpenID_bestMatchingService($service, $preferred_types)
 {
     // Return the index of the first matching type, or something
@@ -438,7 +496,7 @@ function Auth_OpenID_discoverWithYadis($uri, $fetcher,
     $yadis_url = $response->normalized_uri;
     $yadis_services = array();
 
-    if ($response->isFailure()) {
+    if ($response->isFailure() && !$response->isXRDS()) {
         return array($uri, array());
     }
 
@@ -545,4 +603,4 @@ function Auth_OpenID_discover($uri, $fetcher)
     return $result;
 }
 
-?>
\ No newline at end of file
+
index 22fd2d3..e8f29ac 100644 (file)
@@ -97,4 +97,3 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
     }
 }
 
-?>
\ No newline at end of file
index f362a4b..c4e38c0 100644 (file)
@@ -39,7 +39,7 @@ class Auth_OpenID_Extension {
      *
      * Returns the message with the extension arguments added.
      */
-    function toMessage(&$message)
+    function toMessage($message)
     {
         $implicit = $message->isOpenID1();
         $added = $message->namespaces->addAlias($this->ns_uri,
@@ -59,4 +59,3 @@ class Auth_OpenID_Extension {
     }
 }
 
-?>
\ No newline at end of file
index 13ce1bc..074421a 100644 (file)
@@ -367,7 +367,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
         }
 
         if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return False;
+            return false;
         }
 
         if ($server_url) {
@@ -519,7 +519,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
     /**
      * @access private
      */
-    function _mkdtemp($dir)
+    static function _mkdtemp($dir)
     {
         foreach (range(0, 4) as $i) {
             $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
@@ -615,4 +615,4 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
     }
 }
 
-?>
\ No newline at end of file
+
index ec42db8..e6c4bdf 100644 (file)
@@ -60,6 +60,13 @@ function Auth_OpenID_HMACSHA1($key, $text)
         $key = Auth_OpenID_SHA1($key, true);
     }
 
+    if (function_exists('hash_hmac') &&
+        function_exists('hash_algos') &&
+        (in_array('sha1', hash_algos()))) {
+        return hash_hmac('sha1', $text, $key, true);
+    }
+    // Home-made solution
+
     $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
     $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
     $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
@@ -96,4 +103,3 @@ if (function_exists('hash_hmac') &&
     define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
 }
 
-?>
\ No newline at end of file
index fb342a0..dd02661 100644 (file)
@@ -26,7 +26,7 @@ class Auth_OpenID_KVForm {
      * @static
      * @access private
      */
-    function toArray($kvs, $strict=false)
+    static function toArray($kvs, $strict=false)
     {
         $lines = explode("\n", $kvs);
 
@@ -78,7 +78,7 @@ class Auth_OpenID_KVForm {
      * @static
      * @access private
      */
-    function fromArray($values)
+    static function fromArray($values)
     {
         if ($values === null) {
             return null;
@@ -109,4 +109,3 @@ class Auth_OpenID_KVForm {
     }
 }
 
-?>
\ No newline at end of file
diff --git a/typo3/sysext/openid/lib/php-openid/Auth/OpenID/MDB2Store.php b/typo3/sysext/openid/lib/php-openid/Auth/OpenID/MDB2Store.php
new file mode 100644 (file)
index 0000000..80024ba
--- /dev/null
@@ -0,0 +1,413 @@
+<?php
+
+/**
+ * SQL-backed OpenID stores for use with PEAR::MDB2.
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author JanRain, Inc. <openid@janrain.com>
+ * @copyright 2005 Janrain, Inc.
+ * @license http://www.gnu.org/copyleft/lesser.html LGPL
+ */
+
+require_once 'MDB2.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Interface.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID.php';
+
+/**
+ * @access private
+ */
+require_once 'Auth/OpenID/Nonce.php';
+
+/**
+ * This store uses a PEAR::MDB2 connection to store persistence
+ * information.
+ *
+ * The table names used are determined by the class variables
+ * associations_table_name and nonces_table_name.  To change the name
+ * of the tables used, pass new table names into the constructor.
+ *
+ * To create the tables with the proper schema, see the createTables
+ * method.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
+    /**
+     * This creates a new MDB2Store instance.  It requires an
+     * established database connection be given to it, and it allows
+     * overriding the default table names.
+     *
+     * @param connection $connection This must be an established
+     * connection to a database of the correct type for the SQLStore
+     * subclass you're using.  This must be a PEAR::MDB2 connection
+     * handle.
+     *
+     * @param associations_table: This is an optional parameter to
+     * specify the name of the table used for storing associations.
+     * The default value is 'oid_associations'.
+     *
+     * @param nonces_table: This is an optional parameter to specify
+     * the name of the table used for storing nonces.  The default
+     * value is 'oid_nonces'.
+     */
+    function Auth_OpenID_MDB2Store($connection,
+                                  $associations_table = null,
+                                  $nonces_table = null)
+    {
+        $this->associations_table_name = "oid_associations";
+        $this->nonces_table_name = "oid_nonces";
+
+        // Check the connection object type to be sure it's a PEAR
+        // database connection.
+        if (!is_object($connection) ||
+            !is_subclass_of($connection, 'mdb2_driver_common')) {
+            trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
+                          "object (got ".get_class($connection).")",
+                          E_USER_ERROR);
+            return;
+        }
+
+        $this->connection = $connection;
+
+        // Be sure to set the fetch mode so the results are keyed on
+        // column name instead of column index.
+        $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
+        
+        if (PEAR::isError($this->connection->loadModule('Extended'))) {
+            trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
+            return;
+        }
+
+        if ($associations_table) {
+            $this->associations_table_name = $associations_table;
+        }
+
+        if ($nonces_table) {
+            $this->nonces_table_name = $nonces_table;
+        }
+
+        $this->max_nonce_age = 6 * 60 * 60;
+    }
+
+    function tableExists($table_name)
+    {
+        return !PEAR::isError($this->connection->query(
+                                  sprintf("SELECT * FROM %s LIMIT 0",
+                                          $table_name)));
+    }
+
+    function createTables()
+    {
+        $n = $this->create_nonce_table();
+        $a = $this->create_assoc_table();
+
+        if (!$n || !$a) {
+            return false;
+        }
+        return true;
+    }
+
+    function create_nonce_table()
+    {
+        if (!$this->tableExists($this->nonces_table_name)) {
+            switch ($this->connection->phptype) {
+                case "mysql":
+                case "mysqli":
+                    // Custom SQL for MySQL to use InnoDB and variable-
+                    // length keys
+                    $r = $this->connection->exec(
+                        sprintf("CREATE TABLE %s (\n".
+                                "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
+                                "  timestamp INTEGER NOT NULL,\n".
+                                "  salt CHAR(40) NOT NULL,\n".
+                                "  UNIQUE (server_url(255), timestamp, salt)\n".
+                                ") TYPE=InnoDB",
+                                $this->nonces_table_name));
+                    if (PEAR::isError($r)) {
+                        return false;
+                    }
+                    break;
+                default:
+                    if (PEAR::isError(
+                        $this->connection->loadModule('Manager'))) {
+                        return false;
+                    }
+                    $fields = array(
+                        "server_url" => array(
+                            "type" => "text",
+                            "length" => 2047,
+                            "notnull" => true
+                        ),
+                        "timestamp" => array(
+                            "type" => "integer",
+                            "notnull" => true
+                        ),
+                        "salt" => array(
+                            "type" => "text",
+                            "length" => 40,
+                            "fixed" => true,
+                            "notnull" => true
+                        )
+                    );
+                    $constraint = array(
+                        "unique" => 1,
+                        "fields" => array(
+                            "server_url" => true,
+                            "timestamp" => true,
+                            "salt" => true
+                        )
+                    );
+                    
+                    $r = $this->connection->createTable($this->nonces_table_name,
+                                                        $fields);
+                    if (PEAR::isError($r)) {
+                        return false;
+                    }
+                    
+                    $r = $this->connection->createConstraint(
+                        $this->nonces_table_name,
+                        $this->nonces_table_name . "_constraint",
+                        $constraint);
+                    if (PEAR::isError($r)) {
+                        return false;
+                    }
+                    break;
+            }
+        }
+        return true;
+    }
+
+    function create_assoc_table()
+    {
+        if (!$this->tableExists($this->associations_table_name)) {
+            switch ($this->connection->phptype) {
+                case "mysql":
+                case "mysqli":
+                    // Custom SQL for MySQL to use InnoDB and variable-
+                    // length keys
+                    $r = $this->connection->exec(
+                        sprintf("CREATE TABLE %s(\n".
+                                "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
+                                "  handle VARCHAR(255) NOT NULL,\n".
+                                "  secret BLOB NOT NULL,\n".
+                                "  issued INTEGER NOT NULL,\n".
+                                "  lifetime INTEGER NOT NULL,\n".
+                                "  assoc_type VARCHAR(64) NOT NULL,\n".
+                                "  PRIMARY KEY (server_url(255), handle)\n".
+                                ") TYPE=InnoDB",
+                            $this->associations_table_name));
+                    if (PEAR::isError($r)) {
+                        return false;
+                    }
+                    break;
+                default:
+                    if (PEAR::isError(
+                        $this->connection->loadModule('Manager'))) {
+                        return false;
+                    }
+                    $fields = array(
+                        "server_url" => array(
+                            "type" => "text",
+                            "length" => 2047,
+                            "notnull" => true
+                        ),
+                        "handle" => array(
+                            "type" => "text",
+                            "length" => 255,
+                            "notnull" => true
+                        ),
+                        "secret" => array(
+                            "type" => "blob",
+                            "length" => "255",
+                            "notnull" => true
+                        ),
+                        "issued" => array(
+                            "type" => "integer",
+                            "notnull" => true
+                        ),
+                        "lifetime" => array(
+                            "type" => "integer",
+                            "notnull" => true
+                        ),
+                        "assoc_type" => array(
+                            "type" => "text",
+                            "length" => 64,
+                            "notnull" => true
+                        )
+                    );
+                    $options = array(
+                        "primary" => array(
+                            "server_url" => true,
+                            "handle" => true
+                        )
+                    );
+                    
+                    $r = $this->connection->createTable(
+                        $this->associations_table_name,
+                        $fields,
+                        $options);
+                    if (PEAR::isError($r)) {
+                        return false;
+                    }
+                    break;
+            }
+        }
+        return true;
+    }
+
+    function storeAssociation($server_url, $association)
+    {
+        $fields = array(
+            "server_url" => array(
+                "value" => $server_url,
+                "key" => true
+            ),
+            "handle" => array(
+                "value" => $association->handle,
+                "key" => true
+            ),
+            "secret" => array(
+                "value" => $association->secret,
+                "type" => "blob"
+            ),
+            "issued" => array(
+                "value" => $association->issued
+            ),
+            "lifetime" => array(
+                "value" => $association->lifetime
+            ),
+            "assoc_type" => array(
+                "value" => $association->assoc_type
+            )
+        );
+        
+        return !PEAR::isError($this->connection->replace(
+                                  $this->associations_table_name,
+                                  $fields));
+    }
+
+    function cleanupNonces()
+    {
+        global $Auth_OpenID_SKEW;
+        $v = time() - $Auth_OpenID_SKEW;
+
+        return $this->connection->exec(
+            sprintf("DELETE FROM %s WHERE timestamp < %d",
+                    $this->nonces_table_name, $v));
+    }
+
+    function cleanupAssociations()
+    {
+        return $this->connection->exec(
+            sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
+                    $this->associations_table_name, time()));
+    }
+
+    function getAssociation($server_url, $handle = null)
+    {
+        $sql = "";
+        $params = null;
+        $types = array(
+                       "text",
+                       "blob",
+                       "integer",
+                       "integer",
+                       "text"
+                       );
+        if ($handle !== null) {
+            $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
+                           "FROM %s WHERE server_url = ? AND handle = ?",
+                           $this->associations_table_name);
+            $params = array($server_url, $handle);
+        } else {
+            $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
+                           "FROM %s WHERE server_url = ? ORDER BY issued DESC",
+                           $this->associations_table_name);
+            $params = array($server_url);
+        }
+        
+        $assoc = $this->connection->getRow($sql, $types, $params);
+
+        if (!$assoc || PEAR::isError($assoc)) {
+            return null;
+        } else {
+            $association = new Auth_OpenID_Association($assoc['handle'],
+                                                       stream_get_contents(
+                                                           $assoc['secret']),
+                                                       $assoc['issued'],
+                                                       $assoc['lifetime'],
+                                                       $assoc['assoc_type']);
+            fclose($assoc['secret']);
+            return $association;
+        }
+    }
+
+    function removeAssociation($server_url, $handle)
+    {
+        $r = $this->connection->execParam(
+            sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
+                    $this->associations_table_name),
+            array($server_url, $handle));
+        
+        if (PEAR::isError($r) || $r == 0) {
+            return false;
+        }
+        return true;
+    }
+
+    function useNonce($server_url, $timestamp, $salt)
+    {
+        global $Auth_OpenID_SKEW;
+
+        if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
+            return false;
+        }
+        
+        $fields = array(
+                        "timestamp" => $timestamp,
+                        "salt" => $salt
+                        );
+        
+        if (!empty($server_url)) {
+            $fields["server_url"] = $server_url;
+        }
+        
+        $r = $this->connection->autoExecute(
+            $this->nonces_table_name,
+            $fields,
+            MDB2_AUTOQUERY_INSERT);
+        
+        if (PEAR::isError($r)) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Resets the store by removing all records from the store's
+     * tables.
+     */
+    function reset()
+    {
+        $this->connection->query(sprintf("DELETE FROM %s",
+                                         $this->associations_table_name));
+
+        $this->connection->query(sprintf("DELETE FROM %s",
+                                         $this->nonces_table_name));
+    }
+
+}
+
+?>
index b4979f1..fc10800 100644 (file)
@@ -22,10 +22,10 @@ require_once 'Auth/OpenID/Interface.php';
 
 /**
  * This is a memcached-based store for OpenID associations and
- * nonces.
- *
- * As memcache has limit of 250 chars for key length,
- * server_url, handle and salt are hashed with sha1().
+ * nonces. 
+ * 
+ * As memcache has limit of 250 chars for key length, 
+ * server_url, handle and salt are hashed with sha1(). 
  *
  * Most of the methods of this class are implementation details.
  * People wishing to just use this store need only pay attention to
@@ -48,29 +48,29 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
     }
 
     /**
-     * Store association until its expiration time in memcached.
-     * Overwrites any existing association with same server_url and
-     * handle. Handles list of associations for every server.
+     * Store association until its expiration time in memcached. 
+     * Overwrites any existing association with same server_url and 
+     * handle. Handles list of associations for every server. 
      */
     function storeAssociation($server_url, $association)
     {
-        // create memcached keys for association itself
+        // create memcached keys for association itself 
         // and list of associations for this server
-        $associationKey = $this->associationKey($server_url,
+        $associationKey = $this->associationKey($server_url, 
             $association->handle);
         $serverKey = $this->associationServerKey($server_url);
-
-        // get list of associations
+        
+        // get list of associations 
         $serverAssociations = $this->connection->get($serverKey);
-
+        
         // if no such list, initialize it with empty array
         if (!$serverAssociations) {
             $serverAssociations = array();
         }
         // and store given association key in it
         $serverAssociations[$association->issued] = $associationKey;
-
-        // save associations' keys list
+        
+        // save associations' keys list 
         $this->connection->set(
             $serverKey,
             $serverAssociations,
@@ -79,13 +79,13 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
         // save association itself
         $this->connection->set(
             $associationKey,
-            $association,
-            $this->compress,
+            $association, 
+            $this->compress, 
             $association->issued + $association->lifetime);
     }
 
     /**
-     * Read association from memcached. If no handle given
+     * Read association from memcached. If no handle given 
      * and multiple associations found, returns latest issued
      */
     function getAssociation($server_url, $handle = null)
@@ -97,23 +97,23 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
                 $this->associationKey($server_url, $handle));
             return $association ? $association : null;
         }
-
+        
         // no handle given, working with list
         // create key for list of associations
         $serverKey = $this->associationServerKey($server_url);
-
+        
         // get list of associations
         $serverAssociations = $this->connection->get($serverKey);
         // return null if failed or got empty list
         if (!$serverAssociations) {
             return null;
         }
-
+        
         // get key of most recently issued association
         $keys = array_keys($serverAssociations);
         sort($keys);
         $lastKey = $serverAssociations[array_pop($keys)];
-
+        
         // get association, return null if failed
         $association = $this->connection->get($lastKey);
         return $association ? $association : null;
@@ -124,29 +124,29 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
      */
     function removeAssociation($server_url, $handle)
     {
-        // create memcached keys for association itself
+        // create memcached keys for association itself 
         // and list of associations for this server
         $serverKey = $this->associationServerKey($server_url);
-        $associationKey = $this->associationKey($server_url,
+        $associationKey = $this->associationKey($server_url, 
             $handle);
-
+        
         // get list of associations
         $serverAssociations = $this->connection->get($serverKey);
         // return null if failed or got empty list
         if (!$serverAssociations) {
             return false;
         }
-
+        
         // ensure that given association key exists in list
         $serverAssociations = array_flip($serverAssociations);
         if (!array_key_exists($associationKey, $serverAssociations)) {
             return false;
         }
-
+        
         // remove given association key from list
         unset($serverAssociations[$associationKey]);
         $serverAssociations = array_flip($serverAssociations);
-
+        
         // save updated list
         $this->connection->set(
             $serverKey,
@@ -154,48 +154,48 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
             $this->compress
         );
 
-        // delete association
+        // delete association 
         return $this->connection->delete($associationKey);
     }
 
     /**
-     * Create nonce for server and salt, expiring after
+     * Create nonce for server and salt, expiring after 
      * $Auth_OpenID_SKEW seconds.
      */
     function useNonce($server_url, $timestamp, $salt)
     {
         global $Auth_OpenID_SKEW;
-
-        // save one request to memcache when nonce obviously expired
+        
+        // save one request to memcache when nonce obviously expired 
         if (abs($timestamp - time()) > $Auth_OpenID_SKEW) {
             return false;
         }
-
+        
         // returns false when nonce already exists
         // otherwise adds nonce
         return $this->connection->add(
-            'openid_nonce_' . sha1($server_url) . '_' . sha1($salt),
-            1, // any value here
-            $this->compress,
+            'openid_nonce_' . sha1($server_url) . '_' . sha1($salt), 
+            1, // any value here 
+            $this->compress, 
             $Auth_OpenID_SKEW);
     }
-
+    
     /**
-     * Memcache key is prefixed with 'openid_association_' string.
+     * Memcache key is prefixed with 'openid_association_' string. 
      */
-    function associationKey($server_url, $handle = null)
+    function associationKey($server_url, $handle = null) 
     {
         return 'openid_association_' . sha1($server_url) . '_' . sha1($handle);
     }
-
+    
     /**
-     * Memcache key is prefixed with 'openid_association_' string.
+     * Memcache key is prefixed with 'openid_association_' string. 
      */
-    function associationServerKey($server_url)
+    function associationServerKey($server_url) 
     {
         return 'openid_association_server_' . sha1($server_url);
     }
-
+    
     /**
      * Report that this storage doesn't support cleanup
      */
@@ -205,4 +205,3 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
     }
 }
 
-?>
\ No newline at end of file
index 02c8d67..9a5b20d 100644 (file)
@@ -143,7 +143,7 @@ class Auth_OpenID_Mapping {
      * Returns true if $thing is an Auth_OpenID_Mapping object; false
      * if not.
      */
-    function isA($thing)
+    static function isA($thing)
     {
         return (is_object($thing) &&
                 strtolower(get_class($thing)) == 'auth_openid_mapping');
@@ -442,7 +442,7 @@ class Auth_OpenID_Message {
         return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
     }
 
-    function fromPostArgs($args)
+    static function fromPostArgs($args)
     {
         // Construct a Message containing a set of POST arguments
         $obj = new Auth_OpenID_Message();
@@ -477,7 +477,7 @@ class Auth_OpenID_Message {
         }
     }
 
-    function fromOpenIDArgs($openid_args)
+    static function fromOpenIDArgs($openid_args)
     {
         // Takes an array.
 
@@ -594,7 +594,7 @@ class Auth_OpenID_Message {
         return $this->_openid_ns_uri;
     }
 
-    function fromKVForm($kvform_string)
+    static function fromKVForm($kvform_string)
     {
         // Create a Message from a KVForm string
         return Auth_OpenID_Message::fromOpenIDArgs(
@@ -684,7 +684,7 @@ class Auth_OpenID_Message {
         foreach ($this->toPostArgs() as $name => $value) {
             $form .= sprintf(
                         "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
-                        $name, $value);
+                        $name, urldecode($value));
         }
 
         $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
@@ -887,6 +887,11 @@ class Auth_OpenID_Message {
 
     function getAliasedArg($aliased_key, $default = null)
     {
+        if ($aliased_key == 'ns') {
+            // Return the namespace URI for the OpenID namespace
+            return $this->getOpenIDNamespace();
+        }
+
         $parts = explode('.', $aliased_key, 2);
 
         if (count($parts) != 2) {
@@ -912,4 +917,4 @@ class Auth_OpenID_Message {
     }
 }
 
-?>
\ No newline at end of file
+
index eb08af0..a5299b3 100644 (file)
@@ -32,7 +32,7 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
 
         $this->sql['assoc_table'] =
             "CREATE TABLE %s (\n".
-            "  server_url BLOB NOT NULL,\n".
+            "  server_url VARCHAR(2047) NOT NULL,\n".
             "  handle VARCHAR(255) NOT NULL,\n".
             "  secret BLOB NOT NULL,\n".
             "  issued INTEGER NOT NULL,\n".
@@ -75,4 +75,3 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
     }
 }
 
-?>
\ No newline at end of file
index effecac..b83c591 100644 (file)
@@ -106,4 +106,3 @@ function Auth_OpenID_mkNonce($when = null)
     return $time_str . $salt;
 }
 
-?>
\ No newline at end of file
index 313f963..f08ca8b 100644 (file)
@@ -21,7 +21,7 @@ define('PAPE_AUTH_PHISHING_RESISTANT',
        'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
 
 define('PAPE_TIME_VALIDATOR',
-       '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
+      '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
 /**
  * A Provider Authentication Policy request, sent from a relying party
  * to a provider
@@ -82,7 +82,7 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
      * Instantiate a Request object from the arguments in a checkid_*
      * OpenID message
      */
-    function fromOpenIDRequest($request)
+    static function fromOpenIDRequest($request)
     {
         $obj = new Auth_OpenID_PAPE_Request();
         $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
@@ -201,7 +201,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
      * @returns: A provider authentication policy response from the
      * data that was supplied with the id_res response.
      */
-    function fromSuccessResponse($success_response)
+    static function fromSuccessResponse($success_response)
     {
         $obj = new Auth_OpenID_PAPE_Response();
 
@@ -298,4 +298,3 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
     }
 }
 
-?>
\ No newline at end of file
index 546f34f..0461bdc 100644 (file)
@@ -101,7 +101,7 @@ class Auth_OpenID_Parse {
      * Starts with the tag name at a word boundary, where the tag name
      * is not a namespace
      */
-    var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*?)(?:<\/?%s\s*>|\Z))";
+    var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
 
     var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
 
@@ -215,11 +215,35 @@ class Auth_OpenID_Parse {
             return $str;
         }
     }
+    
+    function match($regexp, $text, &$match)
+    {
+        if (!is_callable('mb_ereg_search_init')) {
+            if (!preg_match($regexp, $text, $match)) {
+                return false;
+            }
+            $match = $match[0];
+            return true;
+        }
+
+        $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
+        mb_ereg_search_init($text);
+        if (!mb_ereg_search($regexp)) {
+            return false;
+        }
+        $match = mb_ereg_search_getregs();
+        return true;
+    }
 
     /**
      * Find all link tags in a string representing a HTML document and
      * return a list of their attributes.
      *
+     * @todo This is quite ineffective and may fail with the default
+     *       pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
+     *       It should rather use stripos (in PHP5) or strpos()+strtoupper()
+     *       in PHP4 to manage this.
+     *
      * @param string $html The text to parse
      * @return array $list An array of arrays of attributes, one for each
      * link tag
@@ -244,18 +268,23 @@ class Auth_OpenID_Parse {
         $stripped = substr($stripped, $html_begin,
                            $html_end - $html_begin);
 
+        // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
+        $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
+
         // Try to find the <HEAD> tag.
         $head_re = $this->headFind();
-        $head_matches = array();
-        if (!preg_match($head_re, $stripped, $head_matches)) {
-            return array();
+        $head_match = array();
+        if (!$this->match($head_re, $stripped, $head_match)) {
+                     ini_set( 'pcre.backtrack_limit', $old_btlimit );
+                     return array();
         }
 
         $link_data = array();
         $link_matches = array();
 
-        if (!preg_match_all($this->_link_find, $head_matches[0],
+        if (!preg_match_all($this->_link_find, $head_match[0],
                             $link_matches)) {
+            ini_set( 'pcre.backtrack_limit', $old_btlimit );
             return array();
         }
 
@@ -273,6 +302,7 @@ class Auth_OpenID_Parse {
             $link_data[] = $link_attrs;
         }
 
+        ini_set( 'pcre.backtrack_limit', $old_btlimit );
         return $link_data;
     }
 
@@ -349,4 +379,3 @@ function Auth_OpenID_legacy_discover($html_text, $server_rel,
     }
 }
 
-?>
\ No newline at end of file
index e7a1441..d90e43e 100644 (file)
@@ -29,7 +29,7 @@ class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
                 "UNIQUE (server_url, timestamp, salt))";
 
         $this->sql['assoc_table'] =
-            "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ".
+            "CREATE TABLE %s (server_url VARCHAR(2047) NOT NULL, ". 
                              "handle VARCHAR(255) NOT NULL, ".
                              "secret BYTEA NOT NULL, ".
                              "issued INTEGER NOT NULL, ".
@@ -110,4 +110,3 @@ class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
     }
 }
 
-?>
\ No newline at end of file
index 6cce3e5..c040597 100644 (file)
  */
 
 /**
- * Require the PEAR DB module because we'll need it for the SQL-based
- * stores implemented here.  We silence any errors from the inclusion
- * because it might not be present, and a user of the SQL stores may
- * supply an Auth_OpenID_DatabaseConnection instance that implements
- * its own storage.
- */
-global $__Auth_OpenID_PEAR_AVAILABLE;
-$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php';
-
-/**
  * @access private
  */
 require_once 'Auth/OpenID/Interface.php';
@@ -89,8 +79,6 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
                                   $associations_table = null,
                                   $nonces_table = null)
     {
-        global $__Auth_OpenID_PEAR_AVAILABLE;
-
         $this->associations_table_name = "oid_associations";
         $this->nonces_table_name = "oid_nonces";
 
@@ -113,7 +101,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
         // constant, so only try to use it if PEAR is present.  Note
         // that Auth_Openid_Databaseconnection instances need not
         // implement ::setFetchMode for this reason.
-        if ($__Auth_OpenID_PEAR_AVAILABLE) {
+        if (is_subclass_of($this->connection, 'db_common')) {
             $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
         }
 
@@ -482,7 +470,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
         global $Auth_OpenID_SKEW;
 
         if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return False;
+            return false;
         }
 
         return $this->_add_nonce($server_url, $timestamp, $salt);
@@ -566,4 +554,4 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
     }
 }
 
-?>
\ No newline at end of file
+
index 4d21633..5ece707 100644 (file)
@@ -94,7 +94,7 @@ Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
  * $endpoint: The endpoint object as returned by OpenID discovery.
  * returns whether an sreg type was advertised by the endpoint
  */
-function Auth_OpenID_supportsSReg(&$endpoint)
+function Auth_OpenID_supportsSReg($endpoint)
 {
     return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
             $endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
@@ -122,7 +122,7 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
      *
      * @access private
      */
-    function _getSRegNS(&$message)
+    static function _getSRegNS($message)
     {
         $alias = null;
         $found_ns_uri = null;
@@ -173,7 +173,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
     /**
      * Initialize an empty simple registration request.
      */
-    function build($required=null, $optional=null,
+    static function build($required=null, $optional=null,
                    $policy_url=null,
                    $sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
                    $cls='Auth_OpenID_SRegRequest')
@@ -213,7 +213,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
      *
      * Returns the newly created simple registration request
      */
-    function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
+    static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
     {
 
         $obj = call_user_func_array(array($cls, 'build'),
@@ -442,7 +442,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
      * string (unicode) value. For instance, the nickname should be
      * stored under the key 'nickname'.
      */
-    function extractResponse($request, $data)
+    static function extractResponse($request, $data)
     {
         $obj = new Auth_OpenID_SRegResponse();
         $obj->ns_uri = $request->ns_uri;
@@ -471,7 +471,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
      * Returns a simple registration response containing the data that
      * was supplied with the C{id_res} response.
      */
-    function fromSuccessResponse(&$success_response, $signed_only=true)
+    static function fromSuccessResponse($success_response, $signed_only=true)
     {
         global $Auth_OpenID_sreg_data_fields;
 
@@ -518,4 +518,4 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
     }
 }
 
-?>
\ No newline at end of file
+
index d5abfd2..9887d1e 100644 (file)
@@ -2,7 +2,7 @@
 
 /**
  * OpenID server protocol and logic.
- *
+ * 
  * Overview
  *
  * An OpenID server must perform three tasks:
@@ -10,7 +10,7 @@
  *  1. Examine the incoming request to determine its nature and validity.
  *  2. Make a decision about how to respond to this request.
  *  3. Format the response according to the protocol.
- *
+ * 
  * The first and last of these tasks may performed by the {@link
  * Auth_OpenID_Server::decodeRequest()} and {@link
  * Auth_OpenID_Server::encodeResponse} methods.  Who gets to do the
  * {@link Auth_OpenID_Server::handleRequest()}.
  *
  * OpenID Extensions
- *
+ * 
  * Do you want to provide other information for your users in addition
  * to authentication?  Version 1.2 of the OpenID protocol allows
  * consumers to add extensions to their requests.  For example, with
  * sites using the Simple Registration
  * Extension
- * (http://www.openidenabled.com/openid/simple-registration-extension/),
+ * (http://openid.net/specs/openid-simple-registration-extension-1_0.html),
  * a user can agree to have their nickname and e-mail address sent to
  * a site when they sign up.
  *
@@ -365,7 +365,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
         $this->message = null;
     }
 
-    function fromMessage($message, $server=null)
+    static function fromMessage($message, $server=null)
     {
         $required_keys = array('assoc_handle', 'sig', 'signed');
 
@@ -396,7 +396,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
         return $result;
     }
 
-    function answer(&$signatory)
+    function answer($signatory)
     {
         $is_valid = $signatory->verify($this->assoc_handle, $this->signed);
 
@@ -436,7 +436,7 @@ class Auth_OpenID_PlainTextServerSession {
     var $needs_math = false;
     var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
 
-    function fromMessage($unused_request)
+    static function fromMessage($unused_request)
     {
         return new Auth_OpenID_PlainTextServerSession();
     }
@@ -469,7 +469,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
         $this->consumer_pubkey = $consumer_pubkey;
     }
 
-    function getDH($message)
+    static function getDH($message)
     {
         $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
         $dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');
@@ -489,7 +489,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
                                 $missing);
         }
 
-        $lib =& Auth_OpenID_getMathLib();
+        $lib = Auth_OpenID_getMathLib();
 
         if ($dh_modulus || $dh_gen) {
             $dh_modulus = $lib->base64ToLong($dh_modulus);
@@ -523,7 +523,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
         return array($dh, $consumer_pubkey);
     }
 
-    function fromMessage($message)
+    static function fromMessage($message)
     {
         $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
 
@@ -538,7 +538,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
 
     function answer($secret)
     {
-        $lib =& Auth_OpenID_getMathLib();
+        $lib = Auth_OpenID_getMathLib();
         $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
                                         $this->hash_func);
         return array(
@@ -560,7 +560,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession
     var $hash_func = 'Auth_OpenID_SHA256';
     var $allowed_assoc_types = array('HMAC-SHA256');
 
-    function fromMessage($message)
+    static function fromMessage($message)
     {
         $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
 
@@ -582,7 +582,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession
 class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
     var $mode = "associate";
 
-    function getSessionClasses()
+    static function getSessionClasses()
     {
         return array(
           'no-encryption' => 'Auth_OpenID_PlainTextServerSession',
@@ -590,14 +590,14 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
           'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession');
     }
 
-    function Auth_OpenID_AssociateRequest(&$session, $assoc_type)
+    function Auth_OpenID_AssociateRequest($session, $assoc_type)
     {
-        $this->session =& $session;
+        $this->session = $session;
         $this->namespace = Auth_OpenID_OPENID2_NS;
         $this->assoc_type = $assoc_type;
     }
 
-    function fromMessage($message, $server=null)
+    static function fromMessage($message, $server=null)
     {
         if ($message->isOpenID1()) {
             $session_type = $message->getArg(Auth_OpenID_OPENID_NS,
@@ -661,7 +661,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
         $response->fields->updateArgs(Auth_OpenID_OPENID_NS,
            $this->session->answer($assoc->secret));
 
-        if (! ($this->session->session_type == 'no-encryption'
+        if (! ($this->session->session_type == 'no-encryption' 
                && $this->message->isOpenID1())) {
             $response->fields->setArg(Auth_OpenID_OPENID_NS,
                                       'session_type',
@@ -696,7 +696,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
                                       'session_type',
                                       $preferred_session_type);
         }
-
+        $response->code = AUTH_OPENID_HTTP_ERROR;
         return $response;
     }
 }
@@ -733,8 +733,8 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
      * deprecated since version 2.0.2
      */
     var $namespace;
-
-    function make(&$message, $identity, $return_to, $trust_root = null,
+    
+    static function make($message, $identity, $return_to, $trust_root = null,
                   $immediate = false, $assoc_handle = null, $server = null)
     {
         if ($server === null) {
@@ -752,7 +752,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
                                             $assoc_handle, $server);
 
         $r->namespace = $message->getOpenIDNamespace();
-        $r->message =& $message;
+        $r->message = $message;
 
         if (!$r->trustRootValid()) {
             return new Auth_OpenID_UntrustedReturnURL($message,
@@ -778,7 +778,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
         }
         $this->return_to = $return_to;
         $this->trust_root = $trust_root;
-        $this->server =& $server;
+        $this->server = $server;
 
         if ($immediate) {
             $this->immediate = true;
@@ -817,11 +817,12 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
      */
     function returnToVerified()
     {
+        $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
         return call_user_func_array($this->verifyReturnTo,
-                                    array($this->trust_root, $this->return_to));
+                                    array($this->trust_root, $this->return_to, $fetcher));
     }
 
-    function fromMessage(&$message, $server)
+    static function fromMessage($message, $server)
     {
         $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
         $immediate = null;
@@ -871,13 +872,13 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
         } else {
             $trust_root_param = 'realm';
         }
-        $trust_root = $message->getArg(Auth_OpenID_OPENID_NS,
+        $trust_root = $message->getArg(Auth_OpenID_OPENID_NS, 
                                        $trust_root_param);
         if (! $trust_root) {
             $trust_root = $return_to;
         }
 
-        if (! $message->isOpenID1() &&
+        if (! $message->isOpenID1() && 
             ($return_to === null) &&
             ($trust_root === null)) {
             return new Auth_OpenID_ServerError($message,
@@ -1183,9 +1184,9 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
  */
 class Auth_OpenID_ServerResponse {
 
-    function Auth_OpenID_ServerResponse(&$request)
+    function Auth_OpenID_ServerResponse($request)
     {
-        $this->request =& $request;
+        $this->request = $request;
         $this->fields = new Auth_OpenID_Message($this->request->namespace);
     }
 
@@ -1310,10 +1311,10 @@ class Auth_OpenID_Signatory {
     /**
      * Create a new signatory using a given store.
      */
-    function Auth_OpenID_Signatory(&$store)
+    function Auth_OpenID_Signatory($store)
     {
         // assert store is not None
-        $this->store =& $store;
+        $this->store = $store;
     }
 
     /**
@@ -1447,7 +1448,7 @@ class Auth_OpenID_Encoder {
      * Encode an {@link Auth_OpenID_ServerResponse} and return an
      * {@link Auth_OpenID_WebResponse}.
      */
-    function encode(&$response)
+    function encode($response)
     {
         $cls = $this->responseFactory;
 
@@ -1463,10 +1464,14 @@ class Auth_OpenID_Encoder {
                            array('location' => $location));
         } else if ($encode_as == Auth_OpenID_ENCODE_HTML_FORM) {
           $wr = new $cls(AUTH_OPENID_HTTP_OK, array(),
-                         $response->toFormMarkup());
+                         $response->toHTML());
         } else {
             return new Auth_OpenID_EncodingError($response);
         }
+        /* Allow the response to carry a custom error code (ex: for Association errors) */
+        if(isset($response->code)) {
+            $wr->code = $response->code;
+        }
         return $wr;
     }
 }
@@ -1478,16 +1483,16 @@ class Auth_OpenID_Encoder {
  */
 class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
 
-    function Auth_OpenID_SigningEncoder(&$signatory)
+    function Auth_OpenID_SigningEncoder($signatory)
     {
-        $this->signatory =& $signatory;
+        $this->signatory = $signatory;
     }
 
     /**
      * Sign an {@link Auth_OpenID_ServerResponse} and return an
      * {@link Auth_OpenID_WebResponse}.
      */
-    function encode(&$response)
+    function encode($response)
     {
         // the isinstance is a bit of a kludge... it means there isn't
         // really an adapter to make the interfaces quite match.
@@ -1516,9 +1521,9 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
  */
 class Auth_OpenID_Decoder {
 
-    function Auth_OpenID_Decoder(&$server)
+    function Auth_OpenID_Decoder($server)
     {
-        $this->server =& $server;
+        $this->server = $server;
 
         $this->handlers = array(
             'checkid_setup' => 'Auth_OpenID_CheckIDRequest',
@@ -1599,9 +1604,9 @@ class Auth_OpenID_Decoder {
  * @package OpenID
  */
 class Auth_OpenID_EncodingError {
-    function Auth_OpenID_EncodingError(&$response)
+    function Auth_OpenID_EncodingError($response)
     {
-        $this->response =& $response;
+        $this->response = $response;
     }
 }
 
@@ -1674,14 +1679,14 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError {
  * @package OpenID
  */
 class Auth_OpenID_Server {
-    function Auth_OpenID_Server(&$store, $op_endpoint=null)
+    function Auth_OpenID_Server($store, $op_endpoint=null)
     {
-        $this->store =& $store;
+        $this->store = $store;
         $this->signatory = new Auth_OpenID_Signatory($this->store);
         $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory);
         $this->decoder = new Auth_OpenID_Decoder($this);
         $this->op_endpoint = $op_endpoint;
-        $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
+        $this->negotiator = Auth_OpenID_getDefaultNegotiator();
     }
 
     /**
@@ -1699,7 +1704,7 @@ class Auth_OpenID_Server {
     {
         if (method_exists($this, "openid_" . $request->mode)) {
             $handler = array($this, "openid_" . $request->mode);
-            return call_user_func($handler, $request);
+            return call_user_func_array($handler, array($request));
         }
         return null;
     }
@@ -1707,7 +1712,7 @@ class Auth_OpenID_Server {
     /**
      * The callback for 'check_authentication' messages.
      */
-    function openid_check_authentication(&$request)
+    function openid_check_authentication($request)
     {
         return $request->answer($this->signatory);
     }
@@ -1715,7 +1720,7 @@ class Auth_OpenID_Server {
     /**
      * The callback for 'associate' messages.
      */
-    function openid_associate(&$request)
+    function openid_associate($request)
     {
         $assoc_type = $request->assoc_type;
         $session_type = $request->session->session_type;
@@ -1738,7 +1743,7 @@ class Auth_OpenID_Server {
      * Encodes as response in the appropriate format suitable for
      * sending to the user agent.
      */
-    function encodeResponse(&$response)
+    function encodeResponse($response)
     {
         return $this->encoder->encode($response);
     }
@@ -1757,4 +1762,4 @@ class Auth_OpenID_Server {
     }
 }
 
-?>
\ No newline at end of file
+
index b0f2b72..000440b 100644 (file)
@@ -58,7 +58,7 @@ class Auth_OpenID_TrustRoot {
      * @return The URL upon which relying party discovery should be
      * run in order to verify the return_to URL
      */
-    function buildDiscoveryURL($realm)
+    static function buildDiscoveryURL($realm)
     {
         $parsed = Auth_OpenID_TrustRoot::_parse($realm);
 
@@ -93,7 +93,7 @@ class Auth_OpenID_TrustRoot {
      * @return mixed $parsed Either an associative array of trust root
      * parts or false if parsing failed.
      */
-    function _parse($trust_root)
+    static function _parse($trust_root)
     {
         $trust_root = Auth_OpenID_urinorm($trust_root);
         if ($trust_root === null) {
@@ -199,7 +199,7 @@ class Auth_OpenID_TrustRoot {
      * @param string $trust_root The trust root to check
      * @return bool $sanity Whether the trust root looks OK
      */
-    function isSane($trust_root)
+    static function isSane($trust_root)
     {
         $parts = Auth_OpenID_TrustRoot::_parse($trust_root);
         if ($parts === false) {
@@ -210,7 +210,7 @@ class Auth_OpenID_TrustRoot {
         if ($parts['host'] == 'localhost') {
             return true;
         }
-
+        
         $host_parts = explode('.', $parts['host']);
         if ($parts['wildcard']) {
             // Remove the empty string from the beginning of the array
@@ -269,7 +269,7 @@ class Auth_OpenID_TrustRoot {
      * @return bool $matches Whether the URL matches against the
      * trust root
      */
-    function match($trust_root, $url)
+    static function match($trust_root, $url)
     {
         $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
         $url_parsed = Auth_OpenID_TrustRoot::_parse($url);
@@ -341,7 +341,7 @@ class Auth_OpenID_TrustRoot {
  * @returns: The endpoint URL or None if the endpoint is not a
  * relying party endpoint.
  */
-function filter_extractReturnURL(&$endpoint)
+function filter_extractReturnURL($endpoint)
 {
     if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) {
         return $endpoint;
@@ -394,14 +394,14 @@ function Auth_OpenID_returnToMatches($allowed_return_to_urls, $return_to)
  * Given a relying party discovery URL return a list of return_to
  * URLs.
  */
-function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
+function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
               $discover_function=null)
 {
     if ($discover_function === null) {
         $discover_function = array('Auth_Yadis_Yadis', 'discover');
     }
 
-    $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'fromXRDS');
+    $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS');
 
     list($rp_url_after_redirects, $endpoints) =
         Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb,
@@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
     }
 
     call_user_func_array($discover_function,
-                         array($relying_party_url, $fetcher));
+                         array($relying_party_url, &$fetcher));
 
     $return_to_urls = array();
     $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
@@ -435,7 +435,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
  *
  * @return true if the return_to URL is valid for the realm
  */
-function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
+function Auth_OpenID_verifyReturnTo($realm_str, $return_to, $fetcher,
               $_vrfy='Auth_OpenID_getAllowedReturnURLs')
 {
     $disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str);
@@ -445,7 +445,7 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
     }
 
     $allowable_urls = call_user_func_array($_vrfy,
-                           array($disco_url, &$fetcher));
+                           array($disco_url, $fetcher));
 
     // The realm_str could not be parsed.
     if ($allowable_urls === false) {
@@ -459,4 +459,3 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
     }
 }
 
-?>
\ No newline at end of file
index 78af042..c051b55 100644 (file)
@@ -246,4 +246,4 @@ function Auth_OpenID_urinorm($uri)
     return $scheme . '://' . $authority . $path . $query . $fragment;
 }
 
-?>
\ No newline at end of file
+
index ba731a8..148cde1 100644 (file)
@@ -19,7 +19,7 @@
 require_once "Auth/OpenID.php";
 
 define('Auth_OpenID_FETCHER_MAX_RESPONSE_KB', 1024);
-define('Auth_OpenID_USER_AGENT',
+define('Auth_OpenID_USER_AGENT', 
        'php-openid/'.Auth_OpenID_VERSION.' (php/'.phpversion().')');
 
 class Auth_Yadis_HTTPResponse {
@@ -115,12 +115,40 @@ class Auth_Yadis_HTTPFetcher {
     /**
      * @access private
      */
-    function _findRedirect($headers)
+    function _findRedirect($headers, $url)
     {
         foreach ($headers as $line) {
             if (strpos(strtolower($line), "location: ") === 0) {
                 $parts = explode(" ", $line, 2);
-                return $parts[1];
+                $loc = $parts[1];
+                $ppos = strpos($loc, "://");
+                if ($ppos === false || $ppos > strpos($loc, "/")) {
+                  /* no host; add it */
+                  $hpos = strpos($url, "://");
+                  $prt = substr($url, 0, $hpos+3);
+                  $url = substr($url, $hpos+3);
+                  if (substr($loc, 0, 1) == "/") {
+                    /* absolute path */
+                    $fspos = strpos($url, "/");
+                    if ($fspos) $loc = $prt.substr($url, 0, $fspos).$loc;
+                    else $loc = $prt.$url.$loc;
+                  } else {
+                    /* relative path */
+                    $pp = $prt;
+                    while (1) {
+                      $xpos = strpos($url, "/");
+                      if ($xpos === false) break;
+                      $apos = strpos($url, "?");
+                      if ($apos !== false && $apos < $xpos) break;
+                      $apos = strpos($url, "&");
+                      if ($apos !== false && $apos < $xpos) break;
+                      $pp .= substr($url, 0, $xpos+1);
+                      $url = substr($url, $xpos+1);
+                    }
+                    $loc = $pp.$loc;
+                  }
+                }
+                return $loc;
             }
         }
         return null;
@@ -138,10 +166,9 @@ class Auth_Yadis_HTTPFetcher {
      * pass the URLHasAllowedScheme check or if the server's response
      * is malformed.
      */
-    function get($url, $headers)
+    function get($url, $headers = null)
     {
         trigger_error("not implemented", E_USER_ERROR);
     }
 }
 
-?>
\ No newline at end of file
index d50cf7a..3f54fd0 100644 (file)
@@ -387,11 +387,11 @@ class Auth_Yadis_Discovery {
      * @param string $session_key_suffix The optional session key
      * suffix override.
      */
-    function Auth_Yadis_Discovery(&$session, $url,
+    function Auth_Yadis_Discovery($session, $url,
                                       $session_key_suffix = null)
     {
         /// Initialize a discovery object
-        $this->session =& $session;
+        $this->session = $session;
         $this->url = $url;
         if ($session_key_suffix === null) {
             $session_key_suffix = $this->DEFAULT_SUFFIX;
@@ -405,15 +405,17 @@ class Auth_Yadis_Discovery {
      * Return the next authentication service for the pair of
      * user_input and session. This function handles fallback.
      */
-    function getNextService($discover_cb, &$fetcher)
+    function getNextService($discover_cb, $fetcher)
     {
         $manager = $this->getManager();
         if (!$manager || (!$manager->services)) {
             $this->destroyManager();
 
-            list($yadis_url, $services) = call_user_func($discover_cb,
-                                                         $this->url,
-                                                         $fetcher);
+            list($yadis_url, $services) = call_user_func_array($discover_cb,
+                                                               array(
+                                                                $this->url,
+                                                                &$fetcher,
+                                                               ));
 
             $manager = $this->createManager($services, $yadis_url);
         }
@@ -466,7 +468,7 @@ class Auth_Yadis_Discovery {
      * @param $force True if the manager should be returned regardless
      * of whether it's a manager for $this->url.
      */
-    function &getManager($force=false)
+    function getManager($force=false)
     {
         // Extract the YadisServiceManager for this object's URL and
         // suffix from the session.
@@ -481,16 +483,13 @@ class Auth_Yadis_Discovery {
 
         if ($manager && ($manager->forURL($this->url) || $force)) {
             return $manager;
-        } else {
-            $unused = null;
-            return $unused;
         }
     }
 
     /**
      * @access private
      */
-    function &createManager($services, $yadis_url = null)
+    function createManager($services, $yadis_url = null)
     {
         $key = $this->getSessionKey();
         if ($this->getManager()) {
@@ -504,10 +503,6 @@ class Auth_Yadis_Discovery {
             $this->session->set($this->session_key,
                                 serialize($loader->toSession($manager)));
             return $manager;
-        } else {
-            // Oh, PHP.
-            $unused = null;
-            return $unused;
         }
     }
 
@@ -526,4 +521,3 @@ class Auth_Yadis_Discovery {
     }
 }
 
-?>
\ No newline at end of file
index 1134a4f..a5afa8e 100644 (file)
@@ -56,4 +56,3 @@ function Auth_Yadis_startswith($s, $stuff)
     return strpos($s, $stuff) === 0;
 }
 
-?>
\ No newline at end of file
index d577b8b..2c496a3 100644 (file)
@@ -109,9 +109,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                        array(&$this, "_writeData"));
+                        array($this, "_writeData"));
             curl_setopt($c, CURLOPT_HEADERFUNCTION,
-                        array(&$this, "_writeHeader"));
+                        array($this, "_writeHeader"));
 
             if ($extra_headers) {
                 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
@@ -127,8 +127,20 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                         Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
-            curl_setopt($c, CURLOPT_RANGE,
-                        "0-".(1024 * Auth_OpenID_FETCHER_MAX_RESPONSE_KB));
+
+            if (defined('Auth_OpenID_VERIFY_HOST')) {
+                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+                // is explicitly set, otherwise use system default.
+                if (Auth_OpenID_VERIFY_HOST) {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                    if (defined('Auth_OpenID_CAINFO')) {
+                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                    }
+                } else {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+                }
+            }
 
                        // <TYPO3-specific>
                        if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
@@ -157,12 +169,18 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             if (in_array($code, array(301, 302, 303, 307))) {
-                $url = $this->_findRedirect($headers);
+                $url = $this->_findRedirect($headers, $url);
                 $redir = true;
             } else {
                 $redir = false;
                 curl_close($c);
 
+                if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    Auth_OpenID_VERIFY_HOST == true &&
+                    $this->isHTTPS($url)) {
+                    Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                                     'curl/get', $url);
+                }
                 $new_headers = array();
 
                 foreach ($headers as $header) {
@@ -205,7 +223,21 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
         curl_setopt($c, CURLOPT_URL, $url);
         curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                    array(&$this, "_writeData"));
+                    array($this, "_writeData"));
+
+        if (defined('Auth_OpenID_VERIFY_HOST')) {
+            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+            // is explicitly set, otherwise use system default.
+            if (Auth_OpenID_VERIFY_HOST) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                if (defined('Auth_OpenID_CAINFO')) {
+                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                }
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
+        }
 
                // <TYPO3-specific>
                if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
@@ -226,9 +258,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
 
         if (!$code) {
             Auth_OpenID::log("Got no response code when fetching %s", $url);
+            Auth_OpenID::log("CURL error (%s): %s",
+                             curl_errno($c), curl_error($c));
             return null;
         }
 
+        if (defined('Auth_OpenID_VERIFY_HOST') &&
+            Auth_OpenID_VERIFY_HOST == true &&
+            $this->isHTTPS($url)) {
+            Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                             'curl/post', $url);
+        }
         $body = $this->data;
 
         curl_close($c);
@@ -251,4 +291,3 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
     }
 }
 
-?>
\ No newline at end of file
index 60f39ed..6f0f8b7 100644 (file)
@@ -113,7 +113,7 @@ class Auth_Yadis_ParseHTML {
     }
 
     /**
-     * Create a regular expression that will match an opening
+     * Create a regular expression that will match an opening 
      * or closing tag from a set of names.
      *
      * @access private
@@ -204,7 +204,7 @@ class Auth_Yadis_ParseHTML {
 
         $link_data = array();
         $link_matches = array();
-
+        
         if (!preg_match_all($this->tagPattern('meta', false, 'maybe'),
                             $html_string, $link_matches)) {
             return array();
@@ -256,4 +256,3 @@ class Auth_Yadis_ParseHTML {
     }
 }
 
-?>
\ No newline at end of file
index 8882e3c..2689053 100644 (file)
@@ -83,8 +83,6 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                              "User-Agent: $user_agent",
                              "Host: ".$parts['host'].
                                 ($specify_port ? ":".$parts['port'] : ""),
-                             "Range: 0-".
-                                (1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB),
                              "Port: ".$parts['port']);
 
             $errno = 0;
@@ -124,7 +122,7 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             $code = $http_code[1];
 
             if (in_array($code, array('301', '302'))) {
-                $url = $this->_findRedirect($headers);
+                $url = $this->_findRedirect($headers, $url);
                 $redir = true;
             } else {
                 $redir = false;
@@ -248,4 +246,3 @@ class Auth_Yadis_PlainHTTPFetcher extends Auth_Yadis_HTTPFetcher {
     }
 }
 
-?>
\ No newline at end of file
index 24b70b8..cf1f5c4 100644 (file)
@@ -91,7 +91,7 @@ class Auth_Yadis_XMLParser {
      * @return array $node_list An array of matching opaque node
      * objects to be used with other methods of this parser class.
      */
-    function evalXPath($xpath, $node = null)
+    function &evalXPath($xpath, $node = null)
     {
         // Not implemented.
     }
@@ -310,20 +310,16 @@ $__Auth_Yadis_defaultParser = null;
  * @param Auth_Yadis_XMLParser $parser An instance of a
  * Auth_Yadis_XMLParser subclass.
  */
-function Auth_Yadis_setDefaultParser(&$parser)
+function Auth_Yadis_setDefaultParser($parser)
 {
     global $__Auth_Yadis_defaultParser;
-    $__Auth_Yadis_defaultParser =& $parser;
+    $__Auth_Yadis_defaultParser = $parser;
 }
 
 function Auth_Yadis_getSupportedExtensions()
 {
-    return array(
-                 'dom' => array('classname' => 'Auth_Yadis_dom',
-                       'libname' => array('dom.so', 'dom.dll')),
-                 'domxml' => array('classname' => 'Auth_Yadis_domxml',
-                       'libname' => array('domxml.so', 'php_domxml.dll')),
-                 );
+    return array('dom'    => 'Auth_Yadis_dom',
+                 'domxml' => 'Auth_Yadis_domxml');
 }
 
 /**
@@ -332,43 +328,25 @@ function Auth_Yadis_getSupportedExtensions()
  * Auth_Yadis_setDefaultParser has been called, the parser used in
  * that call will be returned instead.
  */
-function &Auth_Yadis_getXMLParser()
+function Auth_Yadis_getXMLParser()
 {
     global $__Auth_Yadis_defaultParser;
-
+    
     if (isset($__Auth_Yadis_defaultParser)) {
         return $__Auth_Yadis_defaultParser;
     }
-
-    $p = null;
-    $classname = null;
-
-    $extensions = Auth_Yadis_getSupportedExtensions();
-
-    // Return a wrapper for the resident implementation, if any.
-    foreach ($extensions as $name => $params) {
-        if (!extension_loaded($name)) {
-            foreach ($params['libname'] as $libname) {
-                if (@dl($libname)) {
-                    $classname = $params['classname'];
-                }
-            }
-        } else {
-            $classname = $params['classname'];
-        }
-        if (isset($classname)) {
-            $p = new $classname();
-            return $p;
-        }
-    }
-
-    if (!isset($p)) {
-        trigger_error('No XML parser was found', E_USER_ERROR);
-    } else {
+    
+    foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname)
+    {
+      if (extension_loaded($extension))
+      {
+        $p = new $classname();
         Auth_Yadis_setDefaultParser($p);
+        return $p;
+      }
     }
-
-    return $p;
+    
+    return false;
 }
 
-?>
\ No newline at end of file
+
index 1a0d4ff..1f5af96 100644 (file)
@@ -257,9 +257,9 @@ class Auth_Yadis_XRDS {
      */
     function Auth_Yadis_XRDS($xmlParser, $xrdNodes)
     {
-        $this->parser =& $xmlParser;
+        $this->parser = $xmlParser;
         $this->xrdNode = $xrdNodes[count($xrdNodes) - 1];
-        $this->allXrdNodes =& $xrdNodes;
+        $this->allXrdNodes = $xrdNodes;
         $this->serviceList = array();
         $this->_parse();
     }
@@ -273,7 +273,7 @@ class Auth_Yadis_XRDS {
      * @return mixed $xrds An instance of Auth_Yadis_XRDS or null,
      * depending on the validity of $xml_string
      */
-    function &parseXRDS($xml_string, $extra_ns_map = null)
+    static function parseXRDS($xml_string, $extra_ns_map = null)
     {
         $_null = null;
 
@@ -354,7 +354,7 @@ class Auth_Yadis_XRDS {
         foreach ($services as $node) {
             $s = new Auth_Yadis_Service();
             $s->element = $node;
-            $s->parser =& $this->parser;
+            $s->parser = $this->parser;
 
             $priority = $s->getPriority();
 
@@ -428,6 +428,7 @@ class Auth_Yadis_XRDS {
                 $matches = 0;
 
                 foreach ($filters as $filter) {
+
                     if (call_user_func_array($filter, array(&$service))) {
                         $matches++;
 
@@ -475,4 +476,3 @@ class Auth_Yadis_XRDS {
     }
 }
 
-?>
\ No newline at end of file
index 8c28450..0143a69 100644 (file)
@@ -190,7 +190,7 @@ function Auth_Yadis_getCanonicalID($iname, $xrds)
 
     // Now nodes are in reverse order.
     $xrd_list = array_reverse($xrds->allXrdNodes);
-    $parser =& $xrds->parser;
+    $parser = $xrds->parser;
     $node = $xrd_list[0];
 
     $canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);
@@ -231,4 +231,4 @@ function Auth_Yadis_getCanonicalID($iname, $xrds)
     return $canonicalID;
 }
 
-?>
\ No newline at end of file
+
index 654393e..5e11587 100644 (file)
@@ -10,7 +10,7 @@ require_once 'Auth/Yadis/XRI.php';
 class Auth_Yadis_ProxyResolver {
     function Auth_Yadis_ProxyResolver($fetcher, $proxy_url = null)
     {
-        $this->fetcher =& $fetcher;
+        $this->fetcher = $fetcher;
         $this->proxy_url = $proxy_url;
         if (!$this->proxy_url) {
             $this->proxy_url = Auth_Yadis_getDefaultProxy();
@@ -69,4 +69,4 @@ class Auth_Yadis_ProxyResolver {
     }
 }
 
-?>
\ No newline at end of file
+
index 56245fc..9ea2db7 100644 (file)
@@ -105,7 +105,7 @@ class Auth_Yadis_DiscoveryResult {
     function usedYadisLocation()
     {
         // Was the Yadis protocol's indirection used?
-        return $this->normalized_uri != $this->xrds_uri;
+        return ($this->xrds_uri && $this->normalized_uri != $this->xrds_uri);
     }
 
     function isXRDS()
@@ -141,7 +141,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
     }
 
     $yadis_result = call_user_func_array($discover_func,
-                                         array($input_url, $fetcher));
+                                         array($input_url, &$fetcher));
 
     if ($yadis_result === null) {
         return array($input_url, array());
@@ -196,7 +196,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
  * The filter functions (whose names appear in the array passed to
  * services()) take the following form:
  *
- * <pre>  function myFilter(&$service) {
+ * <pre>  function myFilter($service) {
  *       // Query $service object here.  Return true if the service
  *       // matches your query; false if not.
  *  }</pre>
@@ -207,7 +207,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
  * this contrived example):
  *
  * <pre>
- *  function URIMatcher(&$service) {
+ *  function URIMatcher($service) {
  *      foreach ($service->getElements('xrd:URI') as $uri) {
  *          if (preg_match("/some_pattern/",
  *                         $service->parser->content($uri))) {
@@ -250,7 +250,7 @@ class Auth_Yadis_Yadis {
      * If Auth_Yadis_CURL_OVERRIDE is defined, this method will always
      * return a {@link Auth_Yadis_PlainHTTPFetcher}.
      */
-    function getHTTPFetcher($timeout = 20)
+    static function getHTTPFetcher($timeout = 20)
     {
         if (Auth_Yadis_Yadis::curlPresent() &&
             (!defined('Auth_Yadis_CURL_OVERRIDE'))) {
@@ -261,7 +261,7 @@ class Auth_Yadis_Yadis {
         return $fetcher;
     }
 
-    function curlPresent()
+    static function curlPresent()
     {
         return function_exists('curl_init');
     }
@@ -269,7 +269,7 @@ class Auth_Yadis_Yadis {
     /**
      * @access private
      */
-    function _getHeader($header_list, $names)
+   static function _getHeader($header_list, $names)
     {
         foreach ($header_list as $name => $value) {
             foreach ($names as $n) {
@@ -285,7 +285,7 @@ class Auth_Yadis_Yadis {
     /**
      * @access private
      */
-    function _getContentType($content_type_header)
+    static function _getContentType($content_type_header)
     {
         if ($content_type_header) {
             $parts = explode(";", $content_type_header);
@@ -317,7 +317,7 @@ class Auth_Yadis_Yadis {
      * Auth_Yadis_Yadis, depending on whether the discovery
      * succeeded.
      */
-    function discover($uri, $fetcher,
+    static function discover($uri, $fetcher,
                       $extra_ns_map = null, $timeout = 20)
     {
         $result = new Auth_Yadis_DiscoveryResult($uri);
@@ -379,4 +379,4 @@ class Auth_Yadis_Yadis {
     }
 }
 
-?>
\ No newline at end of file
+
index da83cbe..f9944c5 100644 (file)
@@ -2,7 +2,8 @@ This directory contains a modified version of the PHP OpenID library
 (http://www.openidenabled.com/). We use only "Auth" directory from the library
 and include also a copy of COPYING file to conform to the license requirements.
 
-Current version of the library is 2.1.2.
+Current version of the library is 2.2.2 (git-checkout 2012-10-21).
+Source: https://github.com/openid/php-openid
 
 The following modifications are made:
 - added cURL proxy settings from TYPO3 to the Auth/Yadis/ParanoidHTTPFetcher.php
index 89c0410..d60b7e6 100644 (file)
@@ -1,9 +1,8 @@
-diff -b -r -u Auth/Yadis/ParanoidHTTPFetcher.php Auth/Yadis/ParanoidHTTPFetcher.php
---- Auth/Yadis/ParanoidHTTPFetcher.php 2008-09-09 21:12:13.000000000 +0200
-+++ Auth/Yadis/ParanoidHTTPFetcher.php 2008-09-24 22:24:11.000000000 +0200
-@@ -130,6 +130,19 @@
-             curl_setopt($c, CURLOPT_RANGE, 
-                         "0-".(1024 * Auth_OpenID_FETCHER_MAX_RESPONSE_KB));
+--- Auth/Yadis/ParanoidHTTPFetcher.php 2012-10-21 00:26:52.036842042 +0200
++++ Auth/Yadis/ParanoidHTTPFetcher.php 2012-10-21 00:33:46.515660341 +0200
+@@ -142,6 +142,19 @@
+                 }
+             }
  
 +                      // <TYPO3-specific>
 +                      if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
@@ -21,9 +20,9 @@ diff -b -r -u Auth/Yadis/ParanoidHTTPFetcher.php Auth/Yadis/ParanoidHTTPFetcher.
              curl_exec($c);
  
              $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
-@@ -194,6 +207,19 @@
-         curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                     array(&$this, "_writeData"));
+@@ -226,6 +239,19 @@
+             }
+         }
  
 +              // <TYPO3-specific>
 +              if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
@@ -41,21 +40,3 @@ diff -b -r -u Auth/Yadis/ParanoidHTTPFetcher.php Auth/Yadis/ParanoidHTTPFetcher.
          curl_exec($c);
  
          $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
-Index: typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php
-===================================================================
---- typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php        (revision 7119)
-+++ typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php        (working copy)
-@@ -957,7 +957,11 @@
-             }
-             if (!$assoc->checkMessageSignature($message)) {
--                return new Auth_OpenID_FailureResponse(null,
-+                              // If we get a "bad signature" here, it means that the association
-+                              // is unrecoverabley corrupted in some way. Any futher attempts
-+                              // to login with this association is likely to fail. Drop it.
-+                              $this->store->removeAssociation($server_url, $assoc_handle);
-+                              return new Auth_OpenID_FailureResponse(null,
-                                                        "Bad signature");
-             }
-         } else {
-