From ed3022adc159fad722d93fe6bdc4a47b9a5d564b Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Sun, 5 Jul 2015 23:07:41 +0200 Subject: [PATCH] Janrain OpenID extlib updated From their tree on a4090d0b30f850044413630333341cd327cbb55a Source: https://github.com/openid/php-openid --- extlib/Auth/OpenID/Consumer.php | 21 +++++++++++-------- extlib/Auth/OpenID/FileStore.php | 2 +- extlib/Auth/OpenID/PredisStore.php | 11 ++++++---- extlib/Auth/OpenID/TrustRoot.php | 4 ++-- extlib/Auth/Yadis/Manager.php | 2 +- extlib/Auth/Yadis/ParanoidHTTPFetcher.php | 9 ++++++++ extlib/Auth/Yadis/ParseHTML.php | 25 +---------------------- extlib/Auth/Yadis/XML.php | 10 ++++++--- extlib/Auth/Yadis/XRDS.php | 2 +- extlib/Auth/Yadis/Yadis.php | 2 +- 10 files changed, 42 insertions(+), 46 deletions(-) diff --git a/extlib/Auth/OpenID/Consumer.php b/extlib/Auth/OpenID/Consumer.php index d562e33f35..9ac0c500e8 100644 --- a/extlib/Auth/OpenID/Consumer.php +++ b/extlib/Auth/OpenID/Consumer.php @@ -29,7 +29,7 @@ * identity check. * * LIBRARY DESIGN - * + * * This consumer library is designed with that flow in mind. The goal * is to make it as easy as possible to perform the above steps * securely. @@ -427,7 +427,7 @@ class Auth_OpenID_Consumer { $loader->fromSession($endpoint_data); $message = Auth_OpenID_Message::fromPostArgs($query); - $response = $this->consumer->complete($message, $endpoint, + $response = $this->consumer->complete($message, $endpoint, $current_url); $this->session->del($this->_token_key); @@ -616,6 +616,9 @@ class Auth_OpenID_GenericConsumer { $this->store = $store; $this->negotiator = Auth_OpenID_getDefaultNegotiator(); $this->_use_assocs = (is_null($this->store) ? false : true); + if (get_class($this->store) == "Auth_OpenID_DumbStore") { + $this->_use_assocs = false; + } $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); @@ -666,7 +669,7 @@ class Auth_OpenID_GenericConsumer { '_completeInvalid'); return call_user_func_array(array($this, $method), - array($message, &$endpoint, $return_to)); + array($message, $endpoint, $return_to)); } /** @@ -1186,7 +1189,7 @@ class Auth_OpenID_GenericConsumer { list($unused, $services) = call_user_func_array($this->discoverMethod, array( $claimed_id, - &$this->fetcher, + $this->fetcher, )); if (!$services) { @@ -1202,7 +1205,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _verifyDiscoveryServices($claimed_id, + function _verifyDiscoveryServices($claimed_id, $services, $to_match_endpoints) { // Search the services resulting from discovery to find one @@ -1210,7 +1213,7 @@ class Auth_OpenID_GenericConsumer { foreach ($services as $endpoint) { foreach ($to_match_endpoints as $to_match_endpoint) { - $result = $this->_verifyDiscoverySingle($endpoint, + $result = $this->_verifyDiscoverySingle($endpoint, $to_match_endpoint); if (!Auth_OpenID::isFailure($result)) { @@ -1368,7 +1371,7 @@ class Auth_OpenID_GenericConsumer { } } $ca_message = $message->copy(); - $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', + $ca_message->setArg(Auth_OpenID_OPENID_NS, 'mode', 'check_authentication'); return $ca_message; } @@ -1606,7 +1609,7 @@ class Auth_OpenID_GenericConsumer { $expires_in = Auth_OpenID::intval($expires_in_str); if ($expires_in === false) { - + $err = sprintf("Could not parse expires_in from association ". "response %s", print_r($assoc_response, true)); return new Auth_OpenID_FailureResponse(null, $err); @@ -1953,7 +1956,7 @@ class Auth_OpenID_AuthRequest { function htmlMarkup($realm, $return_to=null, $immediate=false, $form_tag_attrs=null) { - $form = $this->formMarkup($realm, $return_to, $immediate, + $form = $this->formMarkup($realm, $return_to, $immediate, $form_tag_attrs); if (Auth_OpenID::isFailure($form)) { diff --git a/extlib/Auth/OpenID/FileStore.php b/extlib/Auth/OpenID/FileStore.php index 7eec791d24..d74f83dcb4 100644 --- a/extlib/Auth/OpenID/FileStore.php +++ b/extlib/Auth/OpenID/FileStore.php @@ -482,7 +482,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { } if ($handle = opendir($dir)) { - while ($item = readdir($handle)) { + while (false !== ($item = readdir($handle))) { if (!in_array($item, array('.', '..'))) { if (is_dir($dir . $item)) { diff --git a/extlib/Auth/OpenID/PredisStore.php b/extlib/Auth/OpenID/PredisStore.php index 7108c2faf9..14ecbbd6f8 100644 --- a/extlib/Auth/OpenID/PredisStore.php +++ b/extlib/Auth/OpenID/PredisStore.php @@ -104,8 +104,11 @@ class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore { // no handle given, receiving the latest issued $serverKey = $this->associationServerKey($server_url); - $lastKey = $this->redis->lpop($serverKey); - if (!$lastKey) { return null; } + $lastKey = $this->redis->lindex($serverKey, -1); + if (!$lastKey) { + // no previous association with this server + return null; + } // get association, return null if failed return $this->getAssociationFromServer($lastKey); @@ -156,10 +159,10 @@ class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore { // SETNX will set the value only of the key doesn't exist yet. $nonceKey = $this->nonceKey($server_url, $salt); - $added = $this->predis->setnx($nonceKey); + $added = $this->redis->setnx($nonceKey, "1"); if ($added) { // Will set expiration - $this->predis->expire($nonceKey, $Auth_OpenID_SKEW); + $this->redis->expire($nonceKey, $Auth_OpenID_SKEW); return true; } else { return false; diff --git a/extlib/Auth/OpenID/TrustRoot.php b/extlib/Auth/OpenID/TrustRoot.php index 000440b588..5e69490788 100644 --- a/extlib/Auth/OpenID/TrustRoot.php +++ b/extlib/Auth/OpenID/TrustRoot.php @@ -210,7 +210,7 @@ class Auth_OpenID_TrustRoot { if ($parts['host'] == 'localhost') { return true; } - + $host_parts = explode('.', $parts['host']); if ($parts['wildcard']) { // Remove the empty string from the beginning of the array @@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher, } call_user_func_array($discover_function, - array($relying_party_url, &$fetcher)); + array($relying_party_url, $fetcher)); $return_to_urls = array(); $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints); diff --git a/extlib/Auth/Yadis/Manager.php b/extlib/Auth/Yadis/Manager.php index 15e69079bb..664521c9ce 100644 --- a/extlib/Auth/Yadis/Manager.php +++ b/extlib/Auth/Yadis/Manager.php @@ -414,7 +414,7 @@ class Auth_Yadis_Discovery { list($yadis_url, $services) = call_user_func_array($discover_cb, array( $this->url, - &$fetcher, + $fetcher, )); $manager = $this->createManager($services, $yadis_url); diff --git a/extlib/Auth/Yadis/ParanoidHTTPFetcher.php b/extlib/Auth/Yadis/ParanoidHTTPFetcher.php index 125029c4cb..627ea9a8a2 100644 --- a/extlib/Auth/Yadis/ParanoidHTTPFetcher.php +++ b/extlib/Auth/Yadis/ParanoidHTTPFetcher.php @@ -90,6 +90,15 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { $this->reset(); $c = curl_init(); + if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER') + && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) { + trigger_error( + 'You have disabled SSL verifcation, this is a TERRIBLE ' . + 'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' . + 'VERIFYPEER to false if you want to be safe again', + E_USER_WARNING); + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); + } if ($c === false) { Auth_OpenID::log( diff --git a/extlib/Auth/Yadis/ParseHTML.php b/extlib/Auth/Yadis/ParseHTML.php index 6f0f8b7e28..255d7cd27c 100644 --- a/extlib/Auth/Yadis/ParseHTML.php +++ b/extlib/Auth/Yadis/ParseHTML.php @@ -65,29 +65,6 @@ class Auth_Yadis_ParseHTML { $this->_entity_replacements)); } - /** - * Replace HTML entities (amp, lt, gt, and quot) as well as - * numeric entities (e.g. #x9f;) with their actual values and - * return the new string. - * - * @access private - * @param string $str The string in which to look for entities - * @return string $new_str The new string entities decoded - */ - function replaceEntities($str) - { - foreach ($this->_entity_replacements as $old => $new) { - $str = preg_replace(sprintf("/&%s;/", $old), $new, $str); - } - - // Replace numeric entities because html_entity_decode doesn't - // do it for us. - $str = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $str); - $str = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $str); - - return $str; - } - /** * Strip single and double quotes off of a string, if they are * present. @@ -216,7 +193,7 @@ class Auth_Yadis_ParseHTML { $link_attrs = array(); foreach ($attr_matches[0] as $index => $full_match) { $name = $attr_matches[1][$index]; - $value = $this->replaceEntities( + $value = html_entity_decode( $this->removeQuotes($attr_matches[2][$index])); $link_attrs[strtolower($name)] = $value; diff --git a/extlib/Auth/Yadis/XML.php b/extlib/Auth/Yadis/XML.php index 39a9942220..2b8a20eb31 100644 --- a/extlib/Auth/Yadis/XML.php +++ b/extlib/Auth/Yadis/XML.php @@ -250,6 +250,10 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return false; } + if (isset($this->doc->doctype)) { + return false; + } + $this->xpath = new DOMXPath($this->doc); if ($this->xpath) { @@ -343,11 +347,11 @@ function Auth_Yadis_getSupportedExtensions() function Auth_Yadis_getXMLParser() { global $__Auth_Yadis_defaultParser; - + if (isset($__Auth_Yadis_defaultParser)) { return $__Auth_Yadis_defaultParser; } - + foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname) { if (extension_loaded($extension)) @@ -357,7 +361,7 @@ function Auth_Yadis_getXMLParser() return $p; } } - + return false; } diff --git a/extlib/Auth/Yadis/XRDS.php b/extlib/Auth/Yadis/XRDS.php index 1f5af96fb2..044d1e761c 100644 --- a/extlib/Auth/Yadis/XRDS.php +++ b/extlib/Auth/Yadis/XRDS.php @@ -429,7 +429,7 @@ class Auth_Yadis_XRDS { foreach ($filters as $filter) { - if (call_user_func_array($filter, array(&$service))) { + if (call_user_func_array($filter, array($service))) { $matches++; if ($filter_mode == SERVICES_YADIS_MATCH_ANY) { diff --git a/extlib/Auth/Yadis/Yadis.php b/extlib/Auth/Yadis/Yadis.php index 9ea2db7f91..f8853671e2 100644 --- a/extlib/Auth/Yadis/Yadis.php +++ b/extlib/Auth/Yadis/Yadis.php @@ -141,7 +141,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func, } $yadis_result = call_user_func_array($discover_func, - array($input_url, &$fetcher)); + array($input_url, $fetcher)); if ($yadis_result === null) { return array($input_url, array());