diff options
author | Brion Vibber <brion@status.net> | 2010-08-10 15:01:29 -0700 |
---|---|---|
committer | Brion Vibber <brion@status.net> | 2010-08-10 15:01:29 -0700 |
commit | 819d33210d298de74b64dc7ead79e9d9b223b12e (patch) | |
tree | 902d42087e633b96e12bef699f6c80e7342c9312 /extlib/Auth/OpenID | |
parent | 8f071b2818e8321ea910df612016175f65093402 (diff) | |
parent | 08fc6053ec55e911b842fd05dafc5e0c99c4e992 (diff) |
Merge branch '0.9.x' into tinymce
Diffstat (limited to 'extlib/Auth/OpenID')
28 files changed, 295 insertions, 222 deletions
diff --git a/extlib/Auth/OpenID/AX.php b/extlib/Auth/OpenID/AX.php index 4a617ae30..7370715e3 100644 --- a/extlib/Auth/OpenID/AX.php +++ b/extlib/Auth/OpenID/AX.php @@ -38,7 +38,7 @@ class Auth_OpenID_AX { * @return bool true if $thing is an Auth_OpenID_AX_Error; false * if not. */ - function isError($thing) + static function isError($thing) { return is_a($thing, 'Auth_OpenID_AX_Error'); } @@ -191,7 +191,7 @@ class Auth_OpenID_AX_AttrInfo { * Construct an attribute information object. For parameter * details, see the constructor. */ - function make($type_uri, $count=1, $required=false, + static function make($type_uri, $count=1, $required=false, $alias=null) { if ($alias !== null) { @@ -235,7 +235,7 @@ class Auth_OpenID_AX_AttrInfo { * return null If an alias is present in the list of aliases but * is not present in the namespace map. */ -function Auth_OpenID_AX_toTypeURIs(&$namespace_map, $alias_list_s) +function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s) { $uris = array(); @@ -386,7 +386,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { * Auth_OpenID_AX_FetchRequest extracted from the request message if * successful */ - function &fromOpenIDRequest($request) + static function fromOpenIDRequest($request) { $m = $request->message; $obj = new Auth_OpenID_AX_FetchRequest(); @@ -484,7 +484,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message { Auth_OpenID::arrayGet($ax_args, 'required')); foreach ($required as $type_uri) { - $attrib =& $this->requested_attributes[$type_uri]; + $attrib = $this->requested_attributes[$type_uri]; $attrib->required = true; } @@ -587,7 +587,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { * * @access private */ - function _getExtensionKVArgs(&$aliases) + function _getExtensionKVArgs($aliases) { if ($aliases === null) { $aliases = new Auth_OpenID_NamespaceMap(); @@ -652,7 +652,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message { foreach ($aliases->iteritems() as $pair) { list($type_uri, $alias) = $pair; - if (array_key_exists('count.' . $alias, $ax_args)) { + if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) { $count_key = 'count.' . $alias; $count_s = $ax_args[$count_key]; @@ -888,7 +888,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { $ax_args['update_url'] = $update_url; } - Auth_OpenID::update(&$ax_args, $kv_args); + Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } @@ -922,7 +922,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage { * @return $response A FetchResponse containing the data from the * OpenID message */ - function fromSuccessResponse($success_response, $signed=true) + static function fromSuccessResponse($success_response, $signed=true) { $obj = new Auth_OpenID_AX_FetchResponse(); if ($signed) { @@ -960,7 +960,7 @@ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage { { $ax_args = $this->_newArgs(); $kv_args = $this->_getExtensionKVArgs($aliases); - Auth_OpenID::update(&$ax_args, $kv_args); + Auth_OpenID::update($ax_args, $kv_args); return $ax_args; } } @@ -980,7 +980,7 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { * Returns Auth_OpenID_AX_Error on error or an * Auth_OpenID_AX_StoreResponse object on success. */ - function &make($succeeded=true, $error_message=null) + function make($succeeded=true, $error_message=null) { if (($succeeded) && ($error_message !== null)) { return new Auth_OpenID_AX_Error('An error message may only be '. @@ -1020,4 +1020,3 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Association.php b/extlib/Auth/OpenID/Association.php index 37ce0cbf4..7fdf399a3 100644 --- a/extlib/Auth/OpenID/Association.php +++ b/extlib/Auth/OpenID/Association.php @@ -94,7 +94,7 @@ class Auth_OpenID_Association { * @return association An {@link Auth_OpenID_Association} * instance. */ - function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) + static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type) { $issued = time(); $lifetime = $expires_in; @@ -132,7 +132,7 @@ class Auth_OpenID_Association { $handle, $secret, $issued, $lifetime, $assoc_type) { if (!in_array($assoc_type, - Auth_OpenID_getSupportedAssociationTypes())) { + Auth_OpenID_getSupportedAssociationTypes(), true)) { $fmt = 'Unsupported association type (%s)'; trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR); } @@ -206,7 +206,7 @@ class Auth_OpenID_Association { * @param string $assoc_s Association as serialized by serialize() * @return Auth_OpenID_Association $result instance of this class */ - function deserialize($class_name, $assoc_s) + static function deserialize($class_name, $assoc_s) { $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true); $keys = array(); @@ -327,7 +327,7 @@ class Auth_OpenID_Association { * * @access private */ - function _makePairs(&$message) + function _makePairs($message) { $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed'); if (!$signed || Auth_OpenID::isFailure($signed)) { @@ -352,7 +352,7 @@ class Auth_OpenID_Association { * * @access private */ - function getMessageSignature(&$message) + function getMessageSignature($message) { $pairs = $this->_makePairs($message); return base64_encode($this->sign($pairs)); @@ -364,7 +364,7 @@ class Auth_OpenID_Association { * * @access private */ - function checkMessageSignature(&$message) + function checkMessageSignature($message) { $sig = $message->getArg(Auth_OpenID_OPENID_NS, 'sig'); @@ -374,7 +374,42 @@ class Auth_OpenID_Association { } $calculated_sig = $this->getMessageSignature($message); - return $calculated_sig == $sig; + + return $this->constantTimeCompare($calculated_sig, $sig); + } + + /** + * String comparison function which will complete in a constant time + * for strings of any given matching length, to help prevent an attacker + * from distinguishing how much of a signature token they have guessed + * correctly. + * + * For this usage, it's assumed that the length of the string is known, + * so we may safely short-circuit on mismatched lengths which will be known + * to be invalid by the attacker. + * + * http://lists.openid.net/pipermail/openid-security/2010-July/001156.html + * http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ + */ + private function constantTimeCompare($a, $b) + { + $len = strlen($a); + if (strlen($b) !== $len) { + // Short-circuit on length mismatch; attackers will already know + // the correct target length so this is safe. + return false; + } + if ($len == 0) { + // 0-length valid input shouldn't really happen. :) + return true; + } + $result = 0; + for ($i = 0; $i < strlen($a); $i++) { + // We use scary bitwise operations to avoid logical short-circuits + // in lower-level code. + $result |= ord($a{$i}) ^ ord($b{$i}); + } + return ($result == 0); } } @@ -469,18 +504,16 @@ function Auth_OpenID_getOnlyEncryptedOrder() return $result; } -function &Auth_OpenID_getDefaultNegotiator() +function Auth_OpenID_getDefaultNegotiator() { - $x = new Auth_OpenID_SessionNegotiator( + return new Auth_OpenID_SessionNegotiator( Auth_OpenID_getDefaultAssociationOrder()); - return $x; } -function &Auth_OpenID_getEncryptedNegotiator() +function Auth_OpenID_getEncryptedNegotiator() { - $x = new Auth_OpenID_SessionNegotiator( + return new Auth_OpenID_SessionNegotiator( Auth_OpenID_getOnlyEncryptedOrder()); - return $x; } /** @@ -610,4 +643,3 @@ class Auth_OpenID_SessionNegotiator { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/BigMath.php b/extlib/Auth/OpenID/BigMath.php index 45104947d..7fca2dc43 100644 --- a/extlib/Auth/OpenID/BigMath.php +++ b/extlib/Auth/OpenID/BigMath.php @@ -351,8 +351,7 @@ function Auth_OpenID_math_extensions() 'class' => 'Auth_OpenID_GmpMathWrapper'); } - $result[] = array( - 'modules' => array('bcmath', 'php_bcmath'), + $result[] = array('modules' => array('bcmath', 'php_bcmath'), 'extension' => 'bcmath', 'class' => 'Auth_OpenID_BcMathWrapper'); @@ -366,27 +365,9 @@ function Auth_OpenID_detectMathLibrary($exts) { $loaded = false; + $hasDl = function_exists('dl'); foreach ($exts as $extension) { - // See if the extension specified is already loaded. - if ($extension['extension'] && - extension_loaded($extension['extension'])) { - $loaded = true; - } - - // Try to load dynamic modules. - if (!$loaded) { - foreach ($extension['modules'] as $module) { - if (@dl($module . "." . PHP_SHLIB_SUFFIX)) { - $loaded = true; - break; - } - } - } - - // If the load succeeded, supply an instance of - // Auth_OpenID_MathWrapper which wraps the specified - // module's functionality. - if ($loaded) { + if (extension_loaded($extension['extension'])) { return $extension; } } @@ -405,7 +386,7 @@ function Auth_OpenID_detectMathLibrary($exts) * instance of a wrapper for that extension module. If no extension * module is found, an instance of {@link Auth_OpenID_MathWrapper} is * returned, which wraps the native PHP integer implementation. The - * proper calling convention for this method is $lib =& + * proper calling convention for this method is $lib = * Auth_OpenID_getMathLib(). * * This function checks for the existence of specific long number @@ -416,7 +397,7 @@ function Auth_OpenID_detectMathLibrary($exts) * * @package OpenID */ -function &Auth_OpenID_getMathLib() +function Auth_OpenID_getMathLib() { // The instance of Auth_OpenID_MathWrapper that we choose to // supply will be stored here, so that subseqent calls to this @@ -468,4 +449,4 @@ function Auth_OpenID_noMathSupport() return defined('Auth_OpenID_NO_MATH_SUPPORT'); } -?> + diff --git a/extlib/Auth/OpenID/Consumer.php b/extlib/Auth/OpenID/Consumer.php index 500890b65..021c03898 100644 --- a/extlib/Auth/OpenID/Consumer.php +++ b/extlib/Auth/OpenID/Consumer.php @@ -258,19 +258,19 @@ class Auth_OpenID_Consumer { * when creating the internal consumer object. This is used for * testing. */ - function Auth_OpenID_Consumer(&$store, $session = null, + function Auth_OpenID_Consumer($store, $session = null, $consumer_cls = null) { if ($session === null) { $session = new Auth_Yadis_PHPSession(); } - $this->session =& $session; + $this->session = $session; if ($consumer_cls !== null) { - $this->consumer =& new $consumer_cls($store); + $this->consumer = new $consumer_cls($store); } else { - $this->consumer =& new Auth_OpenID_GenericConsumer($store); + $this->consumer = new Auth_OpenID_GenericConsumer($store); } $this->_token_key = $this->session_key_prefix . $this->_token_suffix; @@ -281,7 +281,7 @@ class Auth_OpenID_Consumer { * * @access private */ - function getDiscoveryObject(&$session, $openid_url, + function getDiscoveryObject($session, $openid_url, $session_key_prefix) { return new Auth_Yadis_Discovery($session, $openid_url, @@ -339,7 +339,7 @@ class Auth_OpenID_Consumer { $this->consumer->fetcher); // Reset the 'stale' attribute of the manager. - $m =& $disco->getManager(); + $m = $disco->getManager(); if ($m) { $m->stale = false; $disco->session->set($disco->session_key, @@ -370,7 +370,7 @@ class Auth_OpenID_Consumer { * @return Auth_OpenID_AuthRequest $auth_request An OpenID * authentication request object. */ - function &beginWithoutDiscovery($endpoint, $anonymous=false) + function beginWithoutDiscovery($endpoint, $anonymous=false) { $loader = new Auth_OpenID_ServiceEndpointLoader(); $auth_req = $this->consumer->begin($endpoint); @@ -467,7 +467,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { function getRequest() { - $math =& Auth_OpenID_getMathLib(); + $math = Auth_OpenID_getMathLib(); $cpub = $math->longToBase64($this->dh->public); @@ -496,7 +496,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession { return null; } - $math =& Auth_OpenID_getMathLib(); + $math = Auth_OpenID_getMathLib(); $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS, 'dh_server_public')); @@ -611,11 +611,11 @@ class Auth_OpenID_GenericConsumer { * in the module description. The default value is False, which * disables immediate mode. */ - function Auth_OpenID_GenericConsumer(&$store) + function Auth_OpenID_GenericConsumer($store) { - $this->store =& $store; - $this->negotiator =& Auth_OpenID_getDefaultNegotiator(); - $this->_use_assocs = ($this->store ? true : false); + $this->store = $store; + $this->negotiator = Auth_OpenID_getDefaultNegotiator(); + $this->_use_assocs = (is_null($this->store) ? false : true); $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); @@ -665,14 +665,14 @@ class Auth_OpenID_GenericConsumer { $method = Auth_OpenID::arrayGet($mode_methods, $mode, '_completeInvalid'); - return call_user_func_array(array(&$this, $method), - array($message, $endpoint, $return_to)); + return call_user_func_array(array($this, $method), + array($message, &$endpoint, $return_to)); } /** * @access private */ - function _completeInvalid($message, &$endpoint, $unused) + function _completeInvalid($message, $endpoint, $unused) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode', '<No mode set>'); @@ -684,7 +684,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _complete_cancel($message, &$endpoint, $unused) + function _complete_cancel($message, $endpoint, $unused) { return new Auth_OpenID_CancelResponse($endpoint); } @@ -692,7 +692,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _complete_error($message, &$endpoint, $unused) + function _complete_error($message, $endpoint, $unused) { $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error'); $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact'); @@ -705,7 +705,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _complete_setup_needed($message, &$endpoint, $unused) + function _complete_setup_needed($message, $endpoint, $unused) { if (!$message->isOpenID2()) { return $this->_completeInvalid($message, $endpoint); @@ -719,7 +719,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _complete_id_res($message, &$endpoint, $return_to) + function _complete_id_res($message, $endpoint, $return_to) { $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS, 'user_setup_url'); @@ -1181,7 +1181,7 @@ class Auth_OpenID_GenericConsumer { // oidutil.log('Performing discovery on %s' % (claimed_id,)) list($unused, $services) = call_user_func($this->discoverMethod, $claimed_id, - $this->fetcher); + &$this->fetcher); if (!$services) { return new Auth_OpenID_FailureResponse(null, @@ -1197,7 +1197,7 @@ class Auth_OpenID_GenericConsumer { * @access private */ function _verifyDiscoveryServices($claimed_id, - &$services, &$to_match_endpoints) + $services, $to_match_endpoints) { // Search the services resulting from discovery to find one // that matches the information from the assertion @@ -1216,8 +1216,8 @@ class Auth_OpenID_GenericConsumer { } return new Auth_OpenID_FailureResponse(null, - sprintf('No matching endpoint found after discovering %s', - $claimed_id)); + sprintf('No matching endpoint found after discovering %s: %s', + $claimed_id, $result->message)); } /** @@ -1397,7 +1397,7 @@ class Auth_OpenID_GenericConsumer { * * @access private */ - function _httpResponseToMessage($response, $server_url) + static function _httpResponseToMessage($response, $server_url) { // Should this function be named Message.fromHTTPResponse instead? $response_message = Auth_OpenID_Message::fromKVForm($response->body); @@ -1461,7 +1461,7 @@ class Auth_OpenID_GenericConsumer { * * @access private */ - function _extractSupportedAssociationType(&$server_error, &$endpoint, + function _extractSupportedAssociationType($server_error, $endpoint, $assoc_type) { // Any error message whose code is not 'unsupported-type' @@ -1566,7 +1566,7 @@ class Auth_OpenID_GenericConsumer { /** * @access private */ - function _extractAssociation(&$assoc_response, &$assoc_session) + function _extractAssociation($assoc_response, $assoc_session) { // Extract the common fields from the response, raising an // exception if they are not found @@ -1748,10 +1748,10 @@ class Auth_OpenID_AuthRequest { * class. Instances of this class are created by the library when * needed. */ - function Auth_OpenID_AuthRequest(&$endpoint, $assoc) + function Auth_OpenID_AuthRequest($endpoint, $assoc) { $this->assoc = $assoc; - $this->endpoint =& $endpoint; + $this->endpoint = $endpoint; $this->return_to_args = array(); $this->message = new Auth_OpenID_Message( $endpoint->preferredNamespace()); @@ -1764,7 +1764,7 @@ class Auth_OpenID_AuthRequest { * $extension_request: An object that implements the extension * request interface for adding arguments to an OpenID message. */ - function addExtension(&$extension_request) + function addExtension($extension_request) { $extension_request->toMessage($this->message); } @@ -2089,7 +2089,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse { foreach ($msg_args as $key => $value) { if (!$this->isSigned($ns_uri, $key)) { - return null; + unset($msg_args[$key]); } } @@ -2167,7 +2167,7 @@ class Auth_OpenID_ServerErrorContainer { /** * @access private */ - function fromMessage($message) + static function fromMessage($message) { $error_text = $message->getArg( Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>'); @@ -2227,4 +2227,4 @@ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse { } } -?> + diff --git a/extlib/Auth/OpenID/CryptUtil.php b/extlib/Auth/OpenID/CryptUtil.php index aacc3cd39..a92626777 100644 --- a/extlib/Auth/OpenID/CryptUtil.php +++ b/extlib/Auth/OpenID/CryptUtil.php @@ -37,7 +37,7 @@ class Auth_OpenID_CryptUtil { * @param int $num_bytes The length of the return value * @return string $bytes random bytes */ - function getBytes($num_bytes) + static function getBytes($num_bytes) { static $f = null; $bytes = ''; @@ -77,7 +77,7 @@ class Auth_OpenID_CryptUtil { * @return string $result A string of randomly-chosen characters * from $chrs */ - function randomString($length, $population = null) + static function randomString($length, $population = null) { if ($population === null) { return Auth_OpenID_CryptUtil::getBytes($length); @@ -106,4 +106,3 @@ class Auth_OpenID_CryptUtil { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/DatabaseConnection.php b/extlib/Auth/OpenID/DatabaseConnection.php index 9db6e0eb3..0c7d08f91 100644 --- a/extlib/Auth/OpenID/DatabaseConnection.php +++ b/extlib/Auth/OpenID/DatabaseConnection.php @@ -128,4 +128,3 @@ class Auth_OpenID_DatabaseConnection { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/DiffieHellman.php b/extlib/Auth/OpenID/DiffieHellman.php index f4ded7eba..3e25b7dbb 100644 --- a/extlib/Auth/OpenID/DiffieHellman.php +++ b/extlib/Auth/OpenID/DiffieHellman.php @@ -51,9 +51,9 @@ class Auth_OpenID_DiffieHellman { $private = null, $lib = null) { if ($lib === null) { - $this->lib =& Auth_OpenID_getMathLib(); + $this->lib = Auth_OpenID_getMathLib(); } else { - $this->lib =& $lib; + $this->lib = $lib; } if ($mod === null) { @@ -110,4 +110,4 @@ class Auth_OpenID_DiffieHellman { } } -?> + diff --git a/extlib/Auth/OpenID/Discover.php b/extlib/Auth/OpenID/Discover.php index 62aeb1d2b..7b0c640c5 100644 --- a/extlib/Auth/OpenID/Discover.php +++ b/extlib/Auth/OpenID/Discover.php @@ -28,8 +28,34 @@ function Auth_OpenID_getOpenIDTypeURIs() Auth_OpenID_TYPE_2_0, Auth_OpenID_TYPE_1_2, Auth_OpenID_TYPE_1_1, - Auth_OpenID_TYPE_1_0, - Auth_OpenID_RP_RETURN_TO_URL_TYPE); + Auth_OpenID_TYPE_1_0); +} + +function Auth_OpenID_getOpenIDConsumerTypeURIs() +{ + return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE); +} + + +/* + * Provides a user-readable interpretation of a type uri. + * Useful for error messages. + */ +function Auth_OpenID_getOpenIDTypeName($type_uri) { + switch ($type_uri) { + case Auth_OpenID_TYPE_2_0_IDP: + return 'OpenID 2.0 IDP'; + case Auth_OpenID_TYPE_2_0: + return 'OpenID 2.0'; + case Auth_OpenID_TYPE_1_2: + return 'OpenID 1.2'; + case Auth_OpenID_TYPE_1_1: + return 'OpenID 1.1'; + case Auth_OpenID_TYPE_1_0: + return 'OpenID 1.0'; + case Auth_OpenID_RP_RETURN_TO_URL_TYPE: + return 'OpenID relying party'; + } } /** @@ -124,7 +150,7 @@ class Auth_OpenID_ServiceEndpoint { return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris); } - function fromOPEndpointURL($op_endpoint_url) + static function fromOPEndpointURL($op_endpoint_url) { // Construct an OP-Identifier OpenIDServiceEndpoint object for // a given OP Endpoint URL @@ -172,17 +198,36 @@ class Auth_OpenID_ServiceEndpoint { } /* - * Parse the given document as XRDS looking for OpenID services. + * Parse the given document as XRDS looking for OpenID consumer services. * * @return array of Auth_OpenID_ServiceEndpoint or null if the * document cannot be parsed. */ - function fromXRDS($uri, $xrds_text) + function consumerFromXRDS($uri, $xrds_text) { $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text); if ($xrds) { $yadis_services = + $xrds->services(array('filter_MatchesAnyOpenIDConsumerType')); + return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services); + } + + return null; + } + + /* + * Parse the given document as XRDS looking for OpenID services. + * + * @return array of Auth_OpenID_ServiceEndpoint or null if the + * document cannot be parsed. + */ + static function fromXRDS($uri, $xrds_text) + { + $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text); + + if ($xrds) { + $yadis_services = $xrds->services(array('filter_MatchesAnyOpenIDType')); return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services); } @@ -197,7 +242,7 @@ class Auth_OpenID_ServiceEndpoint { * @return array of Auth_OpenID_ServiceEndpoint or null if * endpoints cannot be created. */ - function fromDiscoveryResult($discoveryResult) + static function fromDiscoveryResult($discoveryResult) { if ($discoveryResult->isXRDS()) { return Auth_OpenID_ServiceEndpoint::fromXRDS( @@ -210,7 +255,7 @@ class Auth_OpenID_ServiceEndpoint { } } - function fromHTML($uri, $html) + static function fromHTML($uri, $html) { $discovery_types = array( array(Auth_OpenID_TYPE_2_0, @@ -273,7 +318,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) $service->parser->registerNamespace('xrd', Auth_Yadis_XMLNS_XRD_2_0); - $parser =& $service->parser; + $parser = $service->parser; $permitted_tags = array(); @@ -305,7 +350,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris) return $local_id; } -function filter_MatchesAnyOpenIDType(&$service) +function filter_MatchesAnyOpenIDType($service) { $uris = $service->getTypes(); @@ -318,6 +363,19 @@ function filter_MatchesAnyOpenIDType(&$service) return false; } +function filter_MatchesAnyOpenIDConsumerType(&$service) +{ + $uris = $service->getTypes(); + + foreach ($uris as $uri) { + if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) { + return true; + } + } + + return false; +} + function Auth_OpenID_bestMatchingService($service, $preferred_types) { // Return the index of the first matching type, or something @@ -415,7 +473,7 @@ function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services) return $s; } -function Auth_OpenID_discoverWithYadis($uri, &$fetcher, +function Auth_OpenID_discoverWithYadis($uri, $fetcher, $endpoint_filter='Auth_OpenID_getOPOrUserServices', $discover_function=null) { @@ -433,12 +491,12 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher, $openid_services = array(); $response = call_user_func_array($discover_function, - array($uri, &$fetcher)); + array($uri, $fetcher)); $yadis_url = $response->normalized_uri; $yadis_services = array(); - if ($response->isFailure()) { + if ($response->isFailure() && !$response->isXRDS()) { return array($uri, array()); } @@ -460,18 +518,18 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher, } $openid_services = call_user_func_array($endpoint_filter, - array(&$openid_services)); + array($openid_services)); return array($yadis_url, $openid_services); } -function Auth_OpenID_discoverURI($uri, &$fetcher) +function Auth_OpenID_discoverURI($uri, $fetcher) { $uri = Auth_OpenID::normalizeUrl($uri); return Auth_OpenID_discoverWithYadis($uri, $fetcher); } -function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher) +function Auth_OpenID_discoverWithoutYadis($uri, $fetcher) { $http_resp = @$fetcher->get($uri); @@ -490,7 +548,7 @@ function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher) return array($identity_url, $openid_services); } -function Auth_OpenID_discoverXRI($iname, &$fetcher) +function Auth_OpenID_discoverXRI($iname, $fetcher) { $resolver = new Auth_Yadis_ProxyResolver($fetcher); list($canonicalID, $yadis_services) = @@ -513,7 +571,7 @@ function Auth_OpenID_discoverXRI($iname, &$fetcher) return array($iname, $openid_services); } -function Auth_OpenID_discover($uri, &$fetcher) +function Auth_OpenID_discover($uri, $fetcher) { // If the fetcher (i.e., PHP) doesn't support SSL, we can't do // discovery on an HTTPS URL. @@ -545,4 +603,4 @@ function Auth_OpenID_discover($uri, &$fetcher) return $result; } -?> + diff --git a/extlib/Auth/OpenID/DumbStore.php b/extlib/Auth/OpenID/DumbStore.php index 22fd2d366..e8f29ace5 100644 --- a/extlib/Auth/OpenID/DumbStore.php +++ b/extlib/Auth/OpenID/DumbStore.php @@ -97,4 +97,3 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Extension.php b/extlib/Auth/OpenID/Extension.php index f362a4b38..c4e38c038 100644 --- a/extlib/Auth/OpenID/Extension.php +++ b/extlib/Auth/OpenID/Extension.php @@ -39,7 +39,7 @@ class Auth_OpenID_Extension { * * Returns the message with the extension arguments added. */ - function toMessage(&$message) + function toMessage($message) { $implicit = $message->isOpenID1(); $added = $message->namespaces->addAlias($this->ns_uri, @@ -59,4 +59,3 @@ class Auth_OpenID_Extension { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/FileStore.php b/extlib/Auth/OpenID/FileStore.php index 29d8d20e7..074421a0b 100644 --- a/extlib/Auth/OpenID/FileStore.php +++ b/extlib/Auth/OpenID/FileStore.php @@ -367,7 +367,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { } if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) { - return False; + return false; } if ($server_url) { @@ -519,7 +519,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { /** * @access private */ - function _mkdtemp($dir) + static function _mkdtemp($dir) { foreach (range(0, 4) as $i) { $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) . @@ -615,4 +615,4 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { } } -?> + diff --git a/extlib/Auth/OpenID/HMAC.php b/extlib/Auth/OpenID/HMAC.php index ec42db8df..e9779bd4e 100644 --- a/extlib/Auth/OpenID/HMAC.php +++ b/extlib/Auth/OpenID/HMAC.php @@ -96,4 +96,3 @@ if (function_exists('hash_hmac') && define('Auth_OpenID_HMACSHA256_SUPPORTED', false); } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Interface.php b/extlib/Auth/OpenID/Interface.php index f4c6062f8..eca6b9c50 100644 --- a/extlib/Auth/OpenID/Interface.php +++ b/extlib/Auth/OpenID/Interface.php @@ -194,4 +194,3 @@ class Auth_OpenID_OpenIDStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/KVForm.php b/extlib/Auth/OpenID/KVForm.php index fb342a001..dd02661d8 100644 --- a/extlib/Auth/OpenID/KVForm.php +++ b/extlib/Auth/OpenID/KVForm.php @@ -26,7 +26,7 @@ class Auth_OpenID_KVForm { * @static * @access private */ - function toArray($kvs, $strict=false) + static function toArray($kvs, $strict=false) { $lines = explode("\n", $kvs); @@ -78,7 +78,7 @@ class Auth_OpenID_KVForm { * @static * @access private */ - function fromArray($values) + static function fromArray($values) { if ($values === null) { return null; @@ -109,4 +109,3 @@ class Auth_OpenID_KVForm { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/MemcachedStore.php b/extlib/Auth/OpenID/MemcachedStore.php index d357c6b11..fc10800b1 100644 --- a/extlib/Auth/OpenID/MemcachedStore.php +++ b/extlib/Auth/OpenID/MemcachedStore.php @@ -205,4 +205,3 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Message.php b/extlib/Auth/OpenID/Message.php index 5ab115a86..9aa1fa468 100644 --- a/extlib/Auth/OpenID/Message.php +++ b/extlib/Auth/OpenID/Message.php @@ -143,7 +143,7 @@ class Auth_OpenID_Mapping { * Returns true if $thing is an Auth_OpenID_Mapping object; false * if not. */ - function isA($thing) + static function isA($thing) { return (is_object($thing) && strtolower(get_class($thing)) == 'auth_openid_mapping'); @@ -442,7 +442,7 @@ class Auth_OpenID_Message { return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS; } - function fromPostArgs($args) + static function fromPostArgs($args) { // Construct a Message containing a set of POST arguments $obj = new Auth_OpenID_Message(); @@ -477,7 +477,7 @@ class Auth_OpenID_Message { } } - function fromOpenIDArgs($openid_args) + static function fromOpenIDArgs($openid_args) { // Takes an array. @@ -594,7 +594,7 @@ class Auth_OpenID_Message { return $this->_openid_ns_uri; } - function fromKVForm($kvform_string) + static function fromKVForm($kvform_string) { // Create a Message from a KVForm string return Auth_OpenID_Message::fromOpenIDArgs( @@ -917,4 +917,4 @@ class Auth_OpenID_Message { } } -?> + diff --git a/extlib/Auth/OpenID/MySQLStore.php b/extlib/Auth/OpenID/MySQLStore.php index eb08af016..810f059f1 100644 --- a/extlib/Auth/OpenID/MySQLStore.php +++ b/extlib/Auth/OpenID/MySQLStore.php @@ -75,4 +75,3 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Nonce.php b/extlib/Auth/OpenID/Nonce.php index effecac38..b83c5911f 100644 --- a/extlib/Auth/OpenID/Nonce.php +++ b/extlib/Auth/OpenID/Nonce.php @@ -106,4 +106,3 @@ function Auth_OpenID_mkNonce($when = null) return $time_str . $salt; } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/PAPE.php b/extlib/Auth/OpenID/PAPE.php index 62cba8a91..f08ca8bd0 100644 --- a/extlib/Auth/OpenID/PAPE.php +++ b/extlib/Auth/OpenID/PAPE.php @@ -21,7 +21,7 @@ define('PAPE_AUTH_PHISHING_RESISTANT', 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant'); define('PAPE_TIME_VALIDATOR', - '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$'); + '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/'); /** * A Provider Authentication Policy request, sent from a relying party * to a provider @@ -82,7 +82,7 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension { * Instantiate a Request object from the arguments in a checkid_* * OpenID message */ - function fromOpenIDRequest($request) + static function fromOpenIDRequest($request) { $obj = new Auth_OpenID_PAPE_Request(); $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI); @@ -201,7 +201,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { * @returns: A provider authentication policy response from the * data that was supplied with the id_res response. */ - function fromSuccessResponse($success_response) + static function fromSuccessResponse($success_response) { $obj = new Auth_OpenID_PAPE_Response(); @@ -262,7 +262,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { $auth_time = Auth_OpenID::arrayGet($args, 'auth_time'); if ($auth_time !== null) { - if (ereg(PAPE_TIME_VALIDATOR, $auth_time)) { + if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) { $this->auth_time = $auth_time; } else if ($strict) { return false; @@ -287,7 +287,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { } if ($this->auth_time !== null) { - if (!ereg(PAPE_TIME_VALIDATOR, $this->auth_time)) { + if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) { return false; } @@ -298,4 +298,3 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/Parse.php b/extlib/Auth/OpenID/Parse.php index 546f34f6b..6c2e72169 100644 --- a/extlib/Auth/OpenID/Parse.php +++ b/extlib/Auth/OpenID/Parse.php @@ -101,7 +101,7 @@ class Auth_OpenID_Parse { * Starts with the tag name at a word boundary, where the tag name * is not a namespace */ - var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*?)(?:<\/?%s\s*>|\Z))"; + var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))"; var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)'; @@ -215,11 +215,31 @@ class Auth_OpenID_Parse { return $str; } } + + function match($regexp, $text, &$match) + { + if (!is_callable('mb_ereg_search_init')) { + return preg_match($regexp, $text, $match); + } + + $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags)); + mb_ereg_search_init($text); + if (!mb_ereg_search($regexp)) { + return false; + } + list($match) = mb_ereg_search_getregs(); + return true; + } /** * Find all link tags in a string representing a HTML document and * return a list of their attributes. * + * @todo This is quite ineffective and may fail with the default + * pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big. + * It should rather use stripos (in PHP5) or strpos()+strtoupper() + * in PHP4 to manage this. + * * @param string $html The text to parse * @return array $list An array of arrays of attributes, one for each * link tag @@ -244,18 +264,23 @@ class Auth_OpenID_Parse { $stripped = substr($stripped, $html_begin, $html_end - $html_begin); + // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR: + $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 ); + // Try to find the <HEAD> tag. $head_re = $this->headFind(); - $head_matches = array(); - if (!preg_match($head_re, $stripped, $head_matches)) { - return array(); + $head_match = ''; + if (!$this->match($head_re, $stripped, $head_match)) { + ini_set( 'pcre.backtrack_limit', $old_btlimit ); + return array(); } $link_data = array(); $link_matches = array(); - if (!preg_match_all($this->_link_find, $head_matches[0], + if (!preg_match_all($this->_link_find, $head_match, $link_matches)) { + ini_set( 'pcre.backtrack_limit', $old_btlimit ); return array(); } @@ -273,6 +298,7 @@ class Auth_OpenID_Parse { $link_data[] = $link_attrs; } + ini_set( 'pcre.backtrack_limit', $old_btlimit ); return $link_data; } @@ -349,4 +375,3 @@ function Auth_OpenID_legacy_discover($html_text, $server_rel, } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/PostgreSQLStore.php b/extlib/Auth/OpenID/PostgreSQLStore.php index 69d95e7b8..d90e43e00 100644 --- a/extlib/Auth/OpenID/PostgreSQLStore.php +++ b/extlib/Auth/OpenID/PostgreSQLStore.php @@ -110,4 +110,3 @@ class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/SQLStore.php b/extlib/Auth/OpenID/SQLStore.php index da93c6aa2..c04059732 100644 --- a/extlib/Auth/OpenID/SQLStore.php +++ b/extlib/Auth/OpenID/SQLStore.php @@ -14,16 +14,6 @@ */ /** - * Require the PEAR DB module because we'll need it for the SQL-based - * stores implemented here. We silence any errors from the inclusion - * because it might not be present, and a user of the SQL stores may - * supply an Auth_OpenID_DatabaseConnection instance that implements - * its own storage. - */ -global $__Auth_OpenID_PEAR_AVAILABLE; -$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; - -/** * @access private */ require_once 'Auth/OpenID/Interface.php'; @@ -89,8 +79,6 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { $associations_table = null, $nonces_table = null) { - global $__Auth_OpenID_PEAR_AVAILABLE; - $this->associations_table_name = "oid_associations"; $this->nonces_table_name = "oid_nonces"; @@ -113,7 +101,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { // constant, so only try to use it if PEAR is present. Note // that Auth_Openid_Databaseconnection instances need not // implement ::setFetchMode for this reason. - if ($__Auth_OpenID_PEAR_AVAILABLE) { + if (is_subclass_of($this->connection, 'db_common')) { $this->connection->setFetchMode(DB_FETCHMODE_ASSOC); } @@ -482,7 +470,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { global $Auth_OpenID_SKEW; if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) { - return False; + return false; } return $this->_add_nonce($server_url, $timestamp, $salt); @@ -566,4 +554,4 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { } } -?> + diff --git a/extlib/Auth/OpenID/SQLiteStore.php b/extlib/Auth/OpenID/SQLiteStore.php index ec2bf58e4..4558fa1c3 100644 --- a/extlib/Auth/OpenID/SQLiteStore.php +++ b/extlib/Auth/OpenID/SQLiteStore.php @@ -68,4 +68,3 @@ class Auth_OpenID_SQLiteStore extends Auth_OpenID_SQLStore { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/SReg.php b/extlib/Auth/OpenID/SReg.php index 63280769f..5ece70724 100644 --- a/extlib/Auth/OpenID/SReg.php +++ b/extlib/Auth/OpenID/SReg.php @@ -94,7 +94,7 @@ Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg'); * $endpoint: The endpoint object as returned by OpenID discovery. * returns whether an sreg type was advertised by the endpoint */ -function Auth_OpenID_supportsSReg(&$endpoint) +function Auth_OpenID_supportsSReg($endpoint) { return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) || $endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0)); @@ -122,7 +122,7 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension { * * @access private */ - function _getSRegNS(&$message) + static function _getSRegNS($message) { $alias = null; $found_ns_uri = null; @@ -173,7 +173,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { /** * Initialize an empty simple registration request. */ - function build($required=null, $optional=null, + static function build($required=null, $optional=null, $policy_url=null, $sreg_ns_uri=Auth_OpenID_SREG_NS_URI, $cls='Auth_OpenID_SRegRequest') @@ -213,7 +213,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase { * * Returns the newly created simple registration request */ - function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest') + static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest') { $obj = call_user_func_array(array($cls, 'build'), @@ -442,7 +442,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * string (unicode) value. For instance, the nickname should be * stored under the key 'nickname'. */ - function extractResponse($request, $data) + static function extractResponse($request, $data) { $obj = new Auth_OpenID_SRegResponse(); $obj->ns_uri = $request->ns_uri; @@ -471,7 +471,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { * Returns a simple registration response containing the data that * was supplied with the C{id_res} response. */ - function fromSuccessResponse(&$success_response, $signed_only=true) + static function fromSuccessResponse($success_response, $signed_only=true) { global $Auth_OpenID_sreg_data_fields; @@ -518,4 +518,4 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase { } } -?> + diff --git a/extlib/Auth/OpenID/Server.php b/extlib/Auth/OpenID/Server.php index f1db4d872..cc8ba961c 100644 --- a/extlib/Auth/OpenID/Server.php +++ b/extlib/Auth/OpenID/Server.php @@ -43,7 +43,7 @@ * consumers to add extensions to their requests. For example, with * sites using the Simple Registration * Extension - * (http://www.openidenabled.com/openid/simple-registration-extension/), + * (http://openid.net/specs/openid-simple-registration-extension-1_0.html), * a user can agree to have their nickname and e-mail address sent to * a site when they sign up. * @@ -365,7 +365,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { $this->message = null; } - function fromMessage($message, $server=null) + static function fromMessage($message, $server=null) { $required_keys = array('assoc_handle', 'sig', 'signed'); @@ -396,7 +396,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request { return $result; } - function answer(&$signatory) + function answer($signatory) { $is_valid = $signatory->verify($this->assoc_handle, $this->signed); @@ -436,7 +436,7 @@ class Auth_OpenID_PlainTextServerSession { var $needs_math = false; var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256'); - function fromMessage($unused_request) + static function fromMessage($unused_request) { return new Auth_OpenID_PlainTextServerSession(); } @@ -469,7 +469,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { $this->consumer_pubkey = $consumer_pubkey; } - function getDH($message) + static function getDH($message) { $dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus'); $dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen'); @@ -489,7 +489,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { $missing); } - $lib =& Auth_OpenID_getMathLib(); + $lib = Auth_OpenID_getMathLib(); if ($dh_modulus || $dh_gen) { $dh_modulus = $lib->base64ToLong($dh_modulus); @@ -523,7 +523,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { return array($dh, $consumer_pubkey); } - function fromMessage($message) + static function fromMessage($message) { $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message); @@ -538,7 +538,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession { function answer($secret) { - $lib =& Auth_OpenID_getMathLib(); + $lib = Auth_OpenID_getMathLib(); $mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret, $this->hash_func); return array( @@ -560,7 +560,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession var $hash_func = 'Auth_OpenID_SHA256'; var $allowed_assoc_types = array('HMAC-SHA256'); - function fromMessage($message) + static function fromMessage($message) { $result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message); @@ -582,7 +582,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { var $mode = "associate"; - function getSessionClasses() + static function getSessionClasses() { return array( 'no-encryption' => 'Auth_OpenID_PlainTextServerSession', @@ -590,14 +590,14 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { 'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession'); } - function Auth_OpenID_AssociateRequest(&$session, $assoc_type) + function Auth_OpenID_AssociateRequest($session, $assoc_type) { - $this->session =& $session; + $this->session = $session; $this->namespace = Auth_OpenID_OPENID2_NS; $this->assoc_type = $assoc_type; } - function fromMessage($message, $server=null) + static function fromMessage($message, $server=null) { if ($message->isOpenID1()) { $session_type = $message->getArg(Auth_OpenID_OPENID_NS, @@ -696,7 +696,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request { 'session_type', $preferred_session_type); } - + $response->code = AUTH_OPENID_HTTP_ERROR; return $response; } } @@ -734,7 +734,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { */ var $namespace; - function make(&$message, $identity, $return_to, $trust_root = null, + static function make($message, $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null) { if ($server === null) { @@ -752,7 +752,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { $assoc_handle, $server); $r->namespace = $message->getOpenIDNamespace(); - $r->message =& $message; + $r->message = $message; if (!$r->trustRootValid()) { return new Auth_OpenID_UntrustedReturnURL($message, @@ -778,7 +778,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { } $this->return_to = $return_to; $this->trust_root = $trust_root; - $this->server =& $server; + $this->server = $server; if ($immediate) { $this->immediate = true; @@ -817,11 +817,12 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { */ function returnToVerified() { + $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); return call_user_func_array($this->verifyReturnTo, - array($this->trust_root, $this->return_to)); + array($this->trust_root, $this->return_to, $fetcher)); } - - function fromMessage(&$message, $server) + + static function fromMessage($message, $server) { $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode'); $immediate = null; @@ -1097,7 +1098,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { in OpenID 1.x immediate mode.'); } - $setup_request =& new Auth_OpenID_CheckIDRequest( + $setup_request = new Auth_OpenID_CheckIDRequest( $this->identity, $this->return_to, $this->trust_root, @@ -1183,9 +1184,9 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { */ class Auth_OpenID_ServerResponse { - function Auth_OpenID_ServerResponse(&$request) + function Auth_OpenID_ServerResponse($request) { - $this->request =& $request; + $this->request = $request; $this->fields = new Auth_OpenID_Message($this->request->namespace); } @@ -1310,10 +1311,10 @@ class Auth_OpenID_Signatory { /** * Create a new signatory using a given store. */ - function Auth_OpenID_Signatory(&$store) + function Auth_OpenID_Signatory($store) { // assert store is not None - $this->store =& $store; + $this->store = $store; } /** @@ -1447,7 +1448,7 @@ class Auth_OpenID_Encoder { * Encode an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. */ - function encode(&$response) + function encode($response) { $cls = $this->responseFactory; @@ -1463,10 +1464,14 @@ class Auth_OpenID_Encoder { array('location' => $location)); } else if ($encode_as == Auth_OpenID_ENCODE_HTML_FORM) { $wr = new $cls(AUTH_OPENID_HTTP_OK, array(), - $response->toFormMarkup()); + $response->toHTML()); } else { return new Auth_OpenID_EncodingError($response); } + /* Allow the response to carry a custom error code (ex: for Association errors) */ + if(isset($response->code)) { + $wr->code = $response->code; + } return $wr; } } @@ -1478,16 +1483,16 @@ class Auth_OpenID_Encoder { */ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { - function Auth_OpenID_SigningEncoder(&$signatory) + function Auth_OpenID_SigningEncoder($signatory) { - $this->signatory =& $signatory; + $this->signatory = $signatory; } /** * Sign an {@link Auth_OpenID_ServerResponse} and return an * {@link Auth_OpenID_WebResponse}. */ - function encode(&$response) + function encode($response) { // the isinstance is a bit of a kludge... it means there isn't // really an adapter to make the interfaces quite match. @@ -1516,9 +1521,9 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder { */ class Auth_OpenID_Decoder { - function Auth_OpenID_Decoder(&$server) + function Auth_OpenID_Decoder($server) { - $this->server =& $server; + $this->server = $server; $this->handlers = array( 'checkid_setup' => 'Auth_OpenID_CheckIDRequest', @@ -1599,9 +1604,9 @@ class Auth_OpenID_Decoder { * @package OpenID */ class Auth_OpenID_EncodingError { - function Auth_OpenID_EncodingError(&$response) + function Auth_OpenID_EncodingError($response) { - $this->response =& $response; + $this->response = $response; } } @@ -1674,14 +1679,14 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError { * @package OpenID */ class Auth_OpenID_Server { - function Auth_OpenID_Server(&$store, $op_endpoint=null) + function Auth_OpenID_Server($store, $op_endpoint=null) { - $this->store =& $store; - $this->signatory =& new Auth_OpenID_Signatory($this->store); - $this->encoder =& new Auth_OpenID_SigningEncoder($this->signatory); - $this->decoder =& new Auth_OpenID_Decoder($this); + $this->store = $store; + $this->signatory = new Auth_OpenID_Signatory($this->store); + $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory); + $this->decoder = new Auth_OpenID_Decoder($this); $this->op_endpoint = $op_endpoint; - $this->negotiator =& Auth_OpenID_getDefaultNegotiator(); + $this->negotiator = Auth_OpenID_getDefaultNegotiator(); } /** @@ -1699,7 +1704,7 @@ class Auth_OpenID_Server { { if (method_exists($this, "openid_" . $request->mode)) { $handler = array($this, "openid_" . $request->mode); - return call_user_func($handler, $request); + return call_user_func($handler, &$request); } return null; } @@ -1707,7 +1712,7 @@ class Auth_OpenID_Server { /** * The callback for 'check_authentication' messages. */ - function openid_check_authentication(&$request) + function openid_check_authentication($request) { return $request->answer($this->signatory); } @@ -1715,7 +1720,7 @@ class Auth_OpenID_Server { /** * The callback for 'associate' messages. */ - function openid_associate(&$request) + function openid_associate($request) { $assoc_type = $request->assoc_type; $session_type = $request->session->session_type; @@ -1738,7 +1743,7 @@ class Auth_OpenID_Server { * Encodes as response in the appropriate format suitable for * sending to the user agent. */ - function encodeResponse(&$response) + function encodeResponse($response) { return $this->encoder->encode($response); } @@ -1757,4 +1762,4 @@ class Auth_OpenID_Server { } } -?> + diff --git a/extlib/Auth/OpenID/ServerRequest.php b/extlib/Auth/OpenID/ServerRequest.php index 33a8556ce..69222a5e0 100644 --- a/extlib/Auth/OpenID/ServerRequest.php +++ b/extlib/Auth/OpenID/ServerRequest.php @@ -34,4 +34,3 @@ class Auth_OpenID_ServerRequest { } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/TrustRoot.php b/extlib/Auth/OpenID/TrustRoot.php index 4919a6065..000440b58 100644 --- a/extlib/Auth/OpenID/TrustRoot.php +++ b/extlib/Auth/OpenID/TrustRoot.php @@ -58,7 +58,7 @@ class Auth_OpenID_TrustRoot { * @return The URL upon which relying party discovery should be * run in order to verify the return_to URL */ - function buildDiscoveryURL($realm) + static function buildDiscoveryURL($realm) { $parsed = Auth_OpenID_TrustRoot::_parse($realm); @@ -93,7 +93,7 @@ class Auth_OpenID_TrustRoot { * @return mixed $parsed Either an associative array of trust root * parts or false if parsing failed. */ - function _parse($trust_root) + static function _parse($trust_root) { $trust_root = Auth_OpenID_urinorm($trust_root); if ($trust_root === null) { @@ -199,7 +199,7 @@ class Auth_OpenID_TrustRoot { * @param string $trust_root The trust root to check * @return bool $sanity Whether the trust root looks OK */ - function isSane($trust_root) + static function isSane($trust_root) { $parts = Auth_OpenID_TrustRoot::_parse($trust_root); if ($parts === false) { @@ -269,7 +269,7 @@ class Auth_OpenID_TrustRoot { * @return bool $matches Whether the URL matches against the * trust root */ - function match($trust_root, $url) + static function match($trust_root, $url) { $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root); $url_parsed = Auth_OpenID_TrustRoot::_parse($url); @@ -341,7 +341,7 @@ class Auth_OpenID_TrustRoot { * @returns: The endpoint URL or None if the endpoint is not a * relying party endpoint. */ -function filter_extractReturnURL(&$endpoint) +function filter_extractReturnURL($endpoint) { if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) { return $endpoint; @@ -394,14 +394,14 @@ function Auth_OpenID_returnToMatches($allowed_return_to_urls, $return_to) * Given a relying party discovery URL return a list of return_to * URLs. */ -function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher, +function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher, $discover_function=null) { if ($discover_function === null) { $discover_function = array('Auth_Yadis_Yadis', 'discover'); } - $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'fromXRDS'); + $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS'); list($rp_url_after_redirects, $endpoints) = Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb, @@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher, } call_user_func_array($discover_function, - array($relying_party_url, $fetcher)); + array($relying_party_url, &$fetcher)); $return_to_urls = array(); $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints); @@ -435,7 +435,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher, * * @return true if the return_to URL is valid for the realm */ -function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher, +function Auth_OpenID_verifyReturnTo($realm_str, $return_to, $fetcher, $_vrfy='Auth_OpenID_getAllowedReturnURLs') { $disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str); @@ -445,7 +445,7 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher, } $allowable_urls = call_user_func_array($_vrfy, - array($disco_url, &$fetcher)); + array($disco_url, $fetcher)); // The realm_str could not be parsed. if ($allowable_urls === false) { @@ -459,4 +459,3 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher, } } -?>
\ No newline at end of file diff --git a/extlib/Auth/OpenID/URINorm.php b/extlib/Auth/OpenID/URINorm.php index f821d836a..c051b550a 100644 --- a/extlib/Auth/OpenID/URINorm.php +++ b/extlib/Auth/OpenID/URINorm.php @@ -246,4 +246,4 @@ function Auth_OpenID_urinorm($uri) return $scheme . '://' . $authority . $path . $query . $fragment; } -?> + |