summaryrefslogtreecommitdiff
path: root/extlib/Auth/OpenID
diff options
context:
space:
mode:
Diffstat (limited to 'extlib/Auth/OpenID')
-rw-r--r--extlib/Auth/OpenID/AX.php23
-rw-r--r--extlib/Auth/OpenID/Association.php60
-rw-r--r--extlib/Auth/OpenID/BigMath.php31
-rw-r--r--extlib/Auth/OpenID/Consumer.php66
-rw-r--r--extlib/Auth/OpenID/CryptUtil.php5
-rw-r--r--extlib/Auth/OpenID/DatabaseConnection.php1
-rw-r--r--extlib/Auth/OpenID/DiffieHellman.php6
-rw-r--r--extlib/Auth/OpenID/Discover.php94
-rw-r--r--extlib/Auth/OpenID/DumbStore.php1
-rw-r--r--extlib/Auth/OpenID/Extension.php3
-rw-r--r--extlib/Auth/OpenID/FileStore.php6
-rw-r--r--extlib/Auth/OpenID/HMAC.php1
-rw-r--r--extlib/Auth/OpenID/Interface.php1
-rw-r--r--extlib/Auth/OpenID/KVForm.php5
-rw-r--r--extlib/Auth/OpenID/MemcachedStore.php1
-rw-r--r--extlib/Auth/OpenID/Message.php10
-rw-r--r--extlib/Auth/OpenID/MySQLStore.php1
-rw-r--r--extlib/Auth/OpenID/Nonce.php1
-rw-r--r--extlib/Auth/OpenID/PAPE.php11
-rw-r--r--extlib/Auth/OpenID/Parse.php37
-rw-r--r--extlib/Auth/OpenID/PostgreSQLStore.php1
-rw-r--r--extlib/Auth/OpenID/SQLStore.php18
-rw-r--r--extlib/Auth/OpenID/SQLiteStore.php1
-rw-r--r--extlib/Auth/OpenID/SReg.php14
-rw-r--r--extlib/Auth/OpenID/Server.php95
-rw-r--r--extlib/Auth/OpenID/ServerRequest.php1
-rw-r--r--extlib/Auth/OpenID/TrustRoot.php21
-rw-r--r--extlib/Auth/OpenID/URINorm.php2
28 files changed, 295 insertions, 222 deletions
diff --git a/extlib/Auth/OpenID/AX.php b/extlib/Auth/OpenID/AX.php
index 4a617ae30..7370715e3 100644
--- a/extlib/Auth/OpenID/AX.php
+++ b/extlib/Auth/OpenID/AX.php
@@ -38,7 +38,7 @@ class Auth_OpenID_AX {
* @return bool true if $thing is an Auth_OpenID_AX_Error; false
* if not.
*/
- function isError($thing)
+ static function isError($thing)
{
return is_a($thing, 'Auth_OpenID_AX_Error');
}
@@ -191,7 +191,7 @@ class Auth_OpenID_AX_AttrInfo {
* Construct an attribute information object. For parameter
* details, see the constructor.
*/
- function make($type_uri, $count=1, $required=false,
+ static function make($type_uri, $count=1, $required=false,
$alias=null)
{
if ($alias !== null) {
@@ -235,7 +235,7 @@ class Auth_OpenID_AX_AttrInfo {
* return null If an alias is present in the list of aliases but
* is not present in the namespace map.
*/
-function Auth_OpenID_AX_toTypeURIs(&$namespace_map, $alias_list_s)
+function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
{
$uris = array();
@@ -386,7 +386,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
* Auth_OpenID_AX_FetchRequest extracted from the request message if
* successful
*/
- function &fromOpenIDRequest($request)
+ static function fromOpenIDRequest($request)
{
$m = $request->message;
$obj = new Auth_OpenID_AX_FetchRequest();
@@ -484,7 +484,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
Auth_OpenID::arrayGet($ax_args, 'required'));
foreach ($required as $type_uri) {
- $attrib =& $this->requested_attributes[$type_uri];
+ $attrib = $this->requested_attributes[$type_uri];
$attrib->required = true;
}
@@ -587,7 +587,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
*
* @access private
*/
- function _getExtensionKVArgs(&$aliases)
+ function _getExtensionKVArgs($aliases)
{
if ($aliases === null) {
$aliases = new Auth_OpenID_NamespaceMap();
@@ -652,7 +652,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
foreach ($aliases->iteritems() as $pair) {
list($type_uri, $alias) = $pair;
- if (array_key_exists('count.' . $alias, $ax_args)) {
+ if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
$count_key = 'count.' . $alias;
$count_s = $ax_args[$count_key];
@@ -888,7 +888,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
$ax_args['update_url'] = $update_url;
}
- Auth_OpenID::update(&$ax_args, $kv_args);
+ Auth_OpenID::update($ax_args, $kv_args);
return $ax_args;
}
@@ -922,7 +922,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
* @return $response A FetchResponse containing the data from the
* OpenID message
*/
- function fromSuccessResponse($success_response, $signed=true)
+ static function fromSuccessResponse($success_response, $signed=true)
{
$obj = new Auth_OpenID_AX_FetchResponse();
if ($signed) {
@@ -960,7 +960,7 @@ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
{
$ax_args = $this->_newArgs();
$kv_args = $this->_getExtensionKVArgs($aliases);
- Auth_OpenID::update(&$ax_args, $kv_args);
+ Auth_OpenID::update($ax_args, $kv_args);
return $ax_args;
}
}
@@ -980,7 +980,7 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
* Returns Auth_OpenID_AX_Error on error or an
* Auth_OpenID_AX_StoreResponse object on success.
*/
- function &make($succeeded=true, $error_message=null)
+ function make($succeeded=true, $error_message=null)
{
if (($succeeded) && ($error_message !== null)) {
return new Auth_OpenID_AX_Error('An error message may only be '.
@@ -1020,4 +1020,3 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Association.php b/extlib/Auth/OpenID/Association.php
index 37ce0cbf4..7fdf399a3 100644
--- a/extlib/Auth/OpenID/Association.php
+++ b/extlib/Auth/OpenID/Association.php
@@ -94,7 +94,7 @@ class Auth_OpenID_Association {
* @return association An {@link Auth_OpenID_Association}
* instance.
*/
- function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
+ static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
{
$issued = time();
$lifetime = $expires_in;
@@ -132,7 +132,7 @@ class Auth_OpenID_Association {
$handle, $secret, $issued, $lifetime, $assoc_type)
{
if (!in_array($assoc_type,
- Auth_OpenID_getSupportedAssociationTypes())) {
+ Auth_OpenID_getSupportedAssociationTypes(), true)) {
$fmt = 'Unsupported association type (%s)';
trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
}
@@ -206,7 +206,7 @@ class Auth_OpenID_Association {
* @param string $assoc_s Association as serialized by serialize()
* @return Auth_OpenID_Association $result instance of this class
*/
- function deserialize($class_name, $assoc_s)
+ static function deserialize($class_name, $assoc_s)
{
$pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
$keys = array();
@@ -327,7 +327,7 @@ class Auth_OpenID_Association {
*
* @access private
*/
- function _makePairs(&$message)
+ function _makePairs($message)
{
$signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
if (!$signed || Auth_OpenID::isFailure($signed)) {
@@ -352,7 +352,7 @@ class Auth_OpenID_Association {
*
* @access private
*/
- function getMessageSignature(&$message)
+ function getMessageSignature($message)
{
$pairs = $this->_makePairs($message);
return base64_encode($this->sign($pairs));
@@ -364,7 +364,7 @@ class Auth_OpenID_Association {
*
* @access private
*/
- function checkMessageSignature(&$message)
+ function checkMessageSignature($message)
{
$sig = $message->getArg(Auth_OpenID_OPENID_NS,
'sig');
@@ -374,7 +374,42 @@ class Auth_OpenID_Association {
}
$calculated_sig = $this->getMessageSignature($message);
- return $calculated_sig == $sig;
+
+ return $this->constantTimeCompare($calculated_sig, $sig);
+ }
+
+ /**
+ * String comparison function which will complete in a constant time
+ * for strings of any given matching length, to help prevent an attacker
+ * from distinguishing how much of a signature token they have guessed
+ * correctly.
+ *
+ * For this usage, it's assumed that the length of the string is known,
+ * so we may safely short-circuit on mismatched lengths which will be known
+ * to be invalid by the attacker.
+ *
+ * http://lists.openid.net/pipermail/openid-security/2010-July/001156.html
+ * http://rdist.root.org/2010/01/07/timing-independent-array-comparison/
+ */
+ private function constantTimeCompare($a, $b)
+ {
+ $len = strlen($a);
+ if (strlen($b) !== $len) {
+ // Short-circuit on length mismatch; attackers will already know
+ // the correct target length so this is safe.
+ return false;
+ }
+ if ($len == 0) {
+ // 0-length valid input shouldn't really happen. :)
+ return true;
+ }
+ $result = 0;
+ for ($i = 0; $i < strlen($a); $i++) {
+ // We use scary bitwise operations to avoid logical short-circuits
+ // in lower-level code.
+ $result |= ord($a{$i}) ^ ord($b{$i});
+ }
+ return ($result == 0);
}
}
@@ -469,18 +504,16 @@ function Auth_OpenID_getOnlyEncryptedOrder()
return $result;
}
-function &Auth_OpenID_getDefaultNegotiator()
+function Auth_OpenID_getDefaultNegotiator()
{
- $x = new Auth_OpenID_SessionNegotiator(
+ return new Auth_OpenID_SessionNegotiator(
Auth_OpenID_getDefaultAssociationOrder());
- return $x;
}
-function &Auth_OpenID_getEncryptedNegotiator()
+function Auth_OpenID_getEncryptedNegotiator()
{
- $x = new Auth_OpenID_SessionNegotiator(
+ return new Auth_OpenID_SessionNegotiator(
Auth_OpenID_getOnlyEncryptedOrder());
- return $x;
}
/**
@@ -610,4 +643,3 @@ class Auth_OpenID_SessionNegotiator {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/BigMath.php b/extlib/Auth/OpenID/BigMath.php
index 45104947d..7fca2dc43 100644
--- a/extlib/Auth/OpenID/BigMath.php
+++ b/extlib/Auth/OpenID/BigMath.php
@@ -351,8 +351,7 @@ function Auth_OpenID_math_extensions()
'class' => 'Auth_OpenID_GmpMathWrapper');
}
- $result[] = array(
- 'modules' => array('bcmath', 'php_bcmath'),
+ $result[] = array('modules' => array('bcmath', 'php_bcmath'),
'extension' => 'bcmath',
'class' => 'Auth_OpenID_BcMathWrapper');
@@ -366,27 +365,9 @@ function Auth_OpenID_detectMathLibrary($exts)
{
$loaded = false;
+ $hasDl = function_exists('dl');
foreach ($exts as $extension) {
- // See if the extension specified is already loaded.
- if ($extension['extension'] &&
- extension_loaded($extension['extension'])) {
- $loaded = true;
- }
-
- // Try to load dynamic modules.
- if (!$loaded) {
- foreach ($extension['modules'] as $module) {
- if (@dl($module . "." . PHP_SHLIB_SUFFIX)) {
- $loaded = true;
- break;
- }
- }
- }
-
- // If the load succeeded, supply an instance of
- // Auth_OpenID_MathWrapper which wraps the specified
- // module's functionality.
- if ($loaded) {
+ if (extension_loaded($extension['extension'])) {
return $extension;
}
}
@@ -405,7 +386,7 @@ function Auth_OpenID_detectMathLibrary($exts)
* instance of a wrapper for that extension module. If no extension
* module is found, an instance of {@link Auth_OpenID_MathWrapper} is
* returned, which wraps the native PHP integer implementation. The
- * proper calling convention for this method is $lib =&
+ * proper calling convention for this method is $lib =
* Auth_OpenID_getMathLib().
*
* This function checks for the existence of specific long number
@@ -416,7 +397,7 @@ function Auth_OpenID_detectMathLibrary($exts)
*
* @package OpenID
*/
-function &Auth_OpenID_getMathLib()
+function Auth_OpenID_getMathLib()
{
// The instance of Auth_OpenID_MathWrapper that we choose to
// supply will be stored here, so that subseqent calls to this
@@ -468,4 +449,4 @@ function Auth_OpenID_noMathSupport()
return defined('Auth_OpenID_NO_MATH_SUPPORT');
}
-?>
+
diff --git a/extlib/Auth/OpenID/Consumer.php b/extlib/Auth/OpenID/Consumer.php
index 500890b65..021c03898 100644
--- a/extlib/Auth/OpenID/Consumer.php
+++ b/extlib/Auth/OpenID/Consumer.php
@@ -258,19 +258,19 @@ class Auth_OpenID_Consumer {
* when creating the internal consumer object. This is used for
* testing.
*/
- function Auth_OpenID_Consumer(&$store, $session = null,
+ function Auth_OpenID_Consumer($store, $session = null,
$consumer_cls = null)
{
if ($session === null) {
$session = new Auth_Yadis_PHPSession();
}
- $this->session =& $session;
+ $this->session = $session;
if ($consumer_cls !== null) {
- $this->consumer =& new $consumer_cls($store);
+ $this->consumer = new $consumer_cls($store);
} else {
- $this->consumer =& new Auth_OpenID_GenericConsumer($store);
+ $this->consumer = new Auth_OpenID_GenericConsumer($store);
}
$this->_token_key = $this->session_key_prefix . $this->_token_suffix;
@@ -281,7 +281,7 @@ class Auth_OpenID_Consumer {
*
* @access private
*/
- function getDiscoveryObject(&$session, $openid_url,
+ function getDiscoveryObject($session, $openid_url,
$session_key_prefix)
{
return new Auth_Yadis_Discovery($session, $openid_url,
@@ -339,7 +339,7 @@ class Auth_OpenID_Consumer {
$this->consumer->fetcher);
// Reset the 'stale' attribute of the manager.
- $m =& $disco->getManager();
+ $m = $disco->getManager();
if ($m) {
$m->stale = false;
$disco->session->set($disco->session_key,
@@ -370,7 +370,7 @@ class Auth_OpenID_Consumer {
* @return Auth_OpenID_AuthRequest $auth_request An OpenID
* authentication request object.
*/
- function &beginWithoutDiscovery($endpoint, $anonymous=false)
+ function beginWithoutDiscovery($endpoint, $anonymous=false)
{
$loader = new Auth_OpenID_ServiceEndpointLoader();
$auth_req = $this->consumer->begin($endpoint);
@@ -467,7 +467,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
function getRequest()
{
- $math =& Auth_OpenID_getMathLib();
+ $math = Auth_OpenID_getMathLib();
$cpub = $math->longToBase64($this->dh->public);
@@ -496,7 +496,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
return null;
}
- $math =& Auth_OpenID_getMathLib();
+ $math = Auth_OpenID_getMathLib();
$spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
'dh_server_public'));
@@ -611,11 +611,11 @@ class Auth_OpenID_GenericConsumer {
* in the module description. The default value is False, which
* disables immediate mode.
*/
- function Auth_OpenID_GenericConsumer(&$store)
+ function Auth_OpenID_GenericConsumer($store)
{
- $this->store =& $store;
- $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
- $this->_use_assocs = ($this->store ? true : false);
+ $this->store = $store;
+ $this->negotiator = Auth_OpenID_getDefaultNegotiator();
+ $this->_use_assocs = (is_null($this->store) ? false : true);
$this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
@@ -665,14 +665,14 @@ class Auth_OpenID_GenericConsumer {
$method = Auth_OpenID::arrayGet($mode_methods, $mode,
'_completeInvalid');
- return call_user_func_array(array(&$this, $method),
- array($message, $endpoint, $return_to));
+ return call_user_func_array(array($this, $method),
+ array($message, &$endpoint, $return_to));
}
/**
* @access private
*/
- function _completeInvalid($message, &$endpoint, $unused)
+ function _completeInvalid($message, $endpoint, $unused)
{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
'<No mode set>');
@@ -684,7 +684,7 @@ class Auth_OpenID_GenericConsumer {
/**
* @access private
*/
- function _complete_cancel($message, &$endpoint, $unused)
+ function _complete_cancel($message, $endpoint, $unused)
{
return new Auth_OpenID_CancelResponse($endpoint);
}
@@ -692,7 +692,7 @@ class Auth_OpenID_GenericConsumer {
/**
* @access private
*/
- function _complete_error($message, &$endpoint, $unused)
+ function _complete_error($message, $endpoint, $unused)
{
$error = $message->getArg(Auth_OpenID_OPENID_NS, 'error');
$contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact');
@@ -705,7 +705,7 @@ class Auth_OpenID_GenericConsumer {
/**
* @access private
*/
- function _complete_setup_needed($message, &$endpoint, $unused)
+ function _complete_setup_needed($message, $endpoint, $unused)
{
if (!$message->isOpenID2()) {
return $this->_completeInvalid($message, $endpoint);
@@ -719,7 +719,7 @@ class Auth_OpenID_GenericConsumer {
/**
* @access private
*/
- function _complete_id_res($message, &$endpoint, $return_to)
+ function _complete_id_res($message, $endpoint, $return_to)
{
$user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
'user_setup_url');
@@ -1181,7 +1181,7 @@ class Auth_OpenID_GenericConsumer {
// oidutil.log('Performing discovery on %s' % (claimed_id,))
list($unused, $services) = call_user_func($this->discoverMethod,
$claimed_id,
- $this->fetcher);
+ &$this->fetcher);
if (!$services) {
return new Auth_OpenID_FailureResponse(null,
@@ -1197,7 +1197,7 @@ class Auth_OpenID_GenericConsumer {
* @access private
*/
function _verifyDiscoveryServices($claimed_id,
- &$services, &$to_match_endpoints)
+ $services, $to_match_endpoints)
{
// Search the services resulting from discovery to find one
// that matches the information from the assertion
@@ -1216,8 +1216,8 @@ class Auth_OpenID_GenericConsumer {
}
return new Auth_OpenID_FailureResponse(null,
- sprintf('No matching endpoint found after discovering %s',
- $claimed_id));
+ sprintf('No matching endpoint found after discovering %s: %s',
+ $claimed_id, $result->message));
}
/**
@@ -1397,7 +1397,7 @@ class Auth_OpenID_GenericConsumer {
*
* @access private
*/
- function _httpResponseToMessage($response, $server_url)
+ static function _httpResponseToMessage($response, $server_url)
{
// Should this function be named Message.fromHTTPResponse instead?
$response_message = Auth_OpenID_Message::fromKVForm($response->body);
@@ -1461,7 +1461,7 @@ class Auth_OpenID_GenericConsumer {
*
* @access private
*/
- function _extractSupportedAssociationType(&$server_error, &$endpoint,
+ function _extractSupportedAssociationType($server_error, $endpoint,
$assoc_type)
{
// Any error message whose code is not 'unsupported-type'
@@ -1566,7 +1566,7 @@ class Auth_OpenID_GenericConsumer {
/**
* @access private
*/
- function _extractAssociation(&$assoc_response, &$assoc_session)
+ function _extractAssociation($assoc_response, $assoc_session)
{
// Extract the common fields from the response, raising an
// exception if they are not found
@@ -1748,10 +1748,10 @@ class Auth_OpenID_AuthRequest {
* class. Instances of this class are created by the library when
* needed.
*/
- function Auth_OpenID_AuthRequest(&$endpoint, $assoc)
+ function Auth_OpenID_AuthRequest($endpoint, $assoc)
{
$this->assoc = $assoc;
- $this->endpoint =& $endpoint;
+ $this->endpoint = $endpoint;
$this->return_to_args = array();
$this->message = new Auth_OpenID_Message(
$endpoint->preferredNamespace());
@@ -1764,7 +1764,7 @@ class Auth_OpenID_AuthRequest {
* $extension_request: An object that implements the extension
* request interface for adding arguments to an OpenID message.
*/
- function addExtension(&$extension_request)
+ function addExtension($extension_request)
{
$extension_request->toMessage($this->message);
}
@@ -2089,7 +2089,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse {
foreach ($msg_args as $key => $value) {
if (!$this->isSigned($ns_uri, $key)) {
- return null;
+ unset($msg_args[$key]);
}
}
@@ -2167,7 +2167,7 @@ class Auth_OpenID_ServerErrorContainer {
/**
* @access private
*/
- function fromMessage($message)
+ static function fromMessage($message)
{
$error_text = $message->getArg(
Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
@@ -2227,4 +2227,4 @@ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/CryptUtil.php b/extlib/Auth/OpenID/CryptUtil.php
index aacc3cd39..a92626777 100644
--- a/extlib/Auth/OpenID/CryptUtil.php
+++ b/extlib/Auth/OpenID/CryptUtil.php
@@ -37,7 +37,7 @@ class Auth_OpenID_CryptUtil {
* @param int $num_bytes The length of the return value
* @return string $bytes random bytes
*/
- function getBytes($num_bytes)
+ static function getBytes($num_bytes)
{
static $f = null;
$bytes = '';
@@ -77,7 +77,7 @@ class Auth_OpenID_CryptUtil {
* @return string $result A string of randomly-chosen characters
* from $chrs
*/
- function randomString($length, $population = null)
+ static function randomString($length, $population = null)
{
if ($population === null) {
return Auth_OpenID_CryptUtil::getBytes($length);
@@ -106,4 +106,3 @@ class Auth_OpenID_CryptUtil {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/DatabaseConnection.php b/extlib/Auth/OpenID/DatabaseConnection.php
index 9db6e0eb3..0c7d08f91 100644
--- a/extlib/Auth/OpenID/DatabaseConnection.php
+++ b/extlib/Auth/OpenID/DatabaseConnection.php
@@ -128,4 +128,3 @@ class Auth_OpenID_DatabaseConnection {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/DiffieHellman.php b/extlib/Auth/OpenID/DiffieHellman.php
index f4ded7eba..3e25b7dbb 100644
--- a/extlib/Auth/OpenID/DiffieHellman.php
+++ b/extlib/Auth/OpenID/DiffieHellman.php
@@ -51,9 +51,9 @@ class Auth_OpenID_DiffieHellman {
$private = null, $lib = null)
{
if ($lib === null) {
- $this->lib =& Auth_OpenID_getMathLib();
+ $this->lib = Auth_OpenID_getMathLib();
} else {
- $this->lib =& $lib;
+ $this->lib = $lib;
}
if ($mod === null) {
@@ -110,4 +110,4 @@ class Auth_OpenID_DiffieHellman {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/Discover.php b/extlib/Auth/OpenID/Discover.php
index 62aeb1d2b..7b0c640c5 100644
--- a/extlib/Auth/OpenID/Discover.php
+++ b/extlib/Auth/OpenID/Discover.php
@@ -28,8 +28,34 @@ function Auth_OpenID_getOpenIDTypeURIs()
Auth_OpenID_TYPE_2_0,
Auth_OpenID_TYPE_1_2,
Auth_OpenID_TYPE_1_1,
- Auth_OpenID_TYPE_1_0,
- Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+ Auth_OpenID_TYPE_1_0);
+}
+
+function Auth_OpenID_getOpenIDConsumerTypeURIs()
+{
+ return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+}
+
+
+/*
+ * Provides a user-readable interpretation of a type uri.
+ * Useful for error messages.
+ */
+function Auth_OpenID_getOpenIDTypeName($type_uri) {
+ switch ($type_uri) {
+ case Auth_OpenID_TYPE_2_0_IDP:
+ return 'OpenID 2.0 IDP';
+ case Auth_OpenID_TYPE_2_0:
+ return 'OpenID 2.0';
+ case Auth_OpenID_TYPE_1_2:
+ return 'OpenID 1.2';
+ case Auth_OpenID_TYPE_1_1:
+ return 'OpenID 1.1';
+ case Auth_OpenID_TYPE_1_0:
+ return 'OpenID 1.0';
+ case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
+ return 'OpenID relying party';
+ }
}
/**
@@ -124,7 +150,7 @@ class Auth_OpenID_ServiceEndpoint {
return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
}
- function fromOPEndpointURL($op_endpoint_url)
+ static function fromOPEndpointURL($op_endpoint_url)
{
// Construct an OP-Identifier OpenIDServiceEndpoint object for
// a given OP Endpoint URL
@@ -172,17 +198,36 @@ class Auth_OpenID_ServiceEndpoint {
}
/*
- * Parse the given document as XRDS looking for OpenID services.
+ * Parse the given document as XRDS looking for OpenID consumer services.
*
* @return array of Auth_OpenID_ServiceEndpoint or null if the
* document cannot be parsed.
*/
- function fromXRDS($uri, $xrds_text)
+ function consumerFromXRDS($uri, $xrds_text)
{
$xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
if ($xrds) {
$yadis_services =
+ $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
+ return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
+ }
+
+ return null;
+ }
+
+ /*
+ * Parse the given document as XRDS looking for OpenID services.
+ *
+ * @return array of Auth_OpenID_ServiceEndpoint or null if the
+ * document cannot be parsed.
+ */
+ static function fromXRDS($uri, $xrds_text)
+ {
+ $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
+
+ if ($xrds) {
+ $yadis_services =
$xrds->services(array('filter_MatchesAnyOpenIDType'));
return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
}
@@ -197,7 +242,7 @@ class Auth_OpenID_ServiceEndpoint {
* @return array of Auth_OpenID_ServiceEndpoint or null if
* endpoints cannot be created.
*/
- function fromDiscoveryResult($discoveryResult)
+ static function fromDiscoveryResult($discoveryResult)
{
if ($discoveryResult->isXRDS()) {
return Auth_OpenID_ServiceEndpoint::fromXRDS(
@@ -210,7 +255,7 @@ class Auth_OpenID_ServiceEndpoint {
}
}
- function fromHTML($uri, $html)
+ static function fromHTML($uri, $html)
{
$discovery_types = array(
array(Auth_OpenID_TYPE_2_0,
@@ -273,7 +318,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
$service->parser->registerNamespace('xrd',
Auth_Yadis_XMLNS_XRD_2_0);
- $parser =& $service->parser;
+ $parser = $service->parser;
$permitted_tags = array();
@@ -305,7 +350,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
return $local_id;
}
-function filter_MatchesAnyOpenIDType(&$service)
+function filter_MatchesAnyOpenIDType($service)
{
$uris = $service->getTypes();
@@ -318,6 +363,19 @@ function filter_MatchesAnyOpenIDType(&$service)
return false;
}
+function filter_MatchesAnyOpenIDConsumerType(&$service)
+{
+ $uris = $service->getTypes();
+
+ foreach ($uris as $uri) {
+ if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
function Auth_OpenID_bestMatchingService($service, $preferred_types)
{
// Return the index of the first matching type, or something
@@ -415,7 +473,7 @@ function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services)
return $s;
}
-function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
+function Auth_OpenID_discoverWithYadis($uri, $fetcher,
$endpoint_filter='Auth_OpenID_getOPOrUserServices',
$discover_function=null)
{
@@ -433,12 +491,12 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
$openid_services = array();
$response = call_user_func_array($discover_function,
- array($uri, &$fetcher));
+ array($uri, $fetcher));
$yadis_url = $response->normalized_uri;
$yadis_services = array();
- if ($response->isFailure()) {
+ if ($response->isFailure() && !$response->isXRDS()) {
return array($uri, array());
}
@@ -460,18 +518,18 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
}
$openid_services = call_user_func_array($endpoint_filter,
- array(&$openid_services));
+ array($openid_services));
return array($yadis_url, $openid_services);
}
-function Auth_OpenID_discoverURI($uri, &$fetcher)
+function Auth_OpenID_discoverURI($uri, $fetcher)
{
$uri = Auth_OpenID::normalizeUrl($uri);
return Auth_OpenID_discoverWithYadis($uri, $fetcher);
}
-function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
+function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
{
$http_resp = @$fetcher->get($uri);
@@ -490,7 +548,7 @@ function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
return array($identity_url, $openid_services);
}
-function Auth_OpenID_discoverXRI($iname, &$fetcher)
+function Auth_OpenID_discoverXRI($iname, $fetcher)
{
$resolver = new Auth_Yadis_ProxyResolver($fetcher);
list($canonicalID, $yadis_services) =
@@ -513,7 +571,7 @@ function Auth_OpenID_discoverXRI($iname, &$fetcher)
return array($iname, $openid_services);
}
-function Auth_OpenID_discover($uri, &$fetcher)
+function Auth_OpenID_discover($uri, $fetcher)
{
// If the fetcher (i.e., PHP) doesn't support SSL, we can't do
// discovery on an HTTPS URL.
@@ -545,4 +603,4 @@ function Auth_OpenID_discover($uri, &$fetcher)
return $result;
}
-?>
+
diff --git a/extlib/Auth/OpenID/DumbStore.php b/extlib/Auth/OpenID/DumbStore.php
index 22fd2d366..e8f29ace5 100644
--- a/extlib/Auth/OpenID/DumbStore.php
+++ b/extlib/Auth/OpenID/DumbStore.php
@@ -97,4 +97,3 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Extension.php b/extlib/Auth/OpenID/Extension.php
index f362a4b38..c4e38c038 100644
--- a/extlib/Auth/OpenID/Extension.php
+++ b/extlib/Auth/OpenID/Extension.php
@@ -39,7 +39,7 @@ class Auth_OpenID_Extension {
*
* Returns the message with the extension arguments added.
*/
- function toMessage(&$message)
+ function toMessage($message)
{
$implicit = $message->isOpenID1();
$added = $message->namespaces->addAlias($this->ns_uri,
@@ -59,4 +59,3 @@ class Auth_OpenID_Extension {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/FileStore.php b/extlib/Auth/OpenID/FileStore.php
index 29d8d20e7..074421a0b 100644
--- a/extlib/Auth/OpenID/FileStore.php
+++ b/extlib/Auth/OpenID/FileStore.php
@@ -367,7 +367,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
}
if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return False;
+ return false;
}
if ($server_url) {
@@ -519,7 +519,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
/**
* @access private
*/
- function _mkdtemp($dir)
+ static function _mkdtemp($dir)
{
foreach (range(0, 4) as $i) {
$name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
@@ -615,4 +615,4 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/HMAC.php b/extlib/Auth/OpenID/HMAC.php
index ec42db8df..e9779bd4e 100644
--- a/extlib/Auth/OpenID/HMAC.php
+++ b/extlib/Auth/OpenID/HMAC.php
@@ -96,4 +96,3 @@ if (function_exists('hash_hmac') &&
define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Interface.php b/extlib/Auth/OpenID/Interface.php
index f4c6062f8..eca6b9c50 100644
--- a/extlib/Auth/OpenID/Interface.php
+++ b/extlib/Auth/OpenID/Interface.php
@@ -194,4 +194,3 @@ class Auth_OpenID_OpenIDStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/KVForm.php b/extlib/Auth/OpenID/KVForm.php
index fb342a001..dd02661d8 100644
--- a/extlib/Auth/OpenID/KVForm.php
+++ b/extlib/Auth/OpenID/KVForm.php
@@ -26,7 +26,7 @@ class Auth_OpenID_KVForm {
* @static
* @access private
*/
- function toArray($kvs, $strict=false)
+ static function toArray($kvs, $strict=false)
{
$lines = explode("\n", $kvs);
@@ -78,7 +78,7 @@ class Auth_OpenID_KVForm {
* @static
* @access private
*/
- function fromArray($values)
+ static function fromArray($values)
{
if ($values === null) {
return null;
@@ -109,4 +109,3 @@ class Auth_OpenID_KVForm {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/MemcachedStore.php b/extlib/Auth/OpenID/MemcachedStore.php
index d357c6b11..fc10800b1 100644
--- a/extlib/Auth/OpenID/MemcachedStore.php
+++ b/extlib/Auth/OpenID/MemcachedStore.php
@@ -205,4 +205,3 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Message.php b/extlib/Auth/OpenID/Message.php
index 5ab115a86..9aa1fa468 100644
--- a/extlib/Auth/OpenID/Message.php
+++ b/extlib/Auth/OpenID/Message.php
@@ -143,7 +143,7 @@ class Auth_OpenID_Mapping {
* Returns true if $thing is an Auth_OpenID_Mapping object; false
* if not.
*/
- function isA($thing)
+ static function isA($thing)
{
return (is_object($thing) &&
strtolower(get_class($thing)) == 'auth_openid_mapping');
@@ -442,7 +442,7 @@ class Auth_OpenID_Message {
return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
}
- function fromPostArgs($args)
+ static function fromPostArgs($args)
{
// Construct a Message containing a set of POST arguments
$obj = new Auth_OpenID_Message();
@@ -477,7 +477,7 @@ class Auth_OpenID_Message {
}
}
- function fromOpenIDArgs($openid_args)
+ static function fromOpenIDArgs($openid_args)
{
// Takes an array.
@@ -594,7 +594,7 @@ class Auth_OpenID_Message {
return $this->_openid_ns_uri;
}
- function fromKVForm($kvform_string)
+ static function fromKVForm($kvform_string)
{
// Create a Message from a KVForm string
return Auth_OpenID_Message::fromOpenIDArgs(
@@ -917,4 +917,4 @@ class Auth_OpenID_Message {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/MySQLStore.php b/extlib/Auth/OpenID/MySQLStore.php
index eb08af016..810f059f1 100644
--- a/extlib/Auth/OpenID/MySQLStore.php
+++ b/extlib/Auth/OpenID/MySQLStore.php
@@ -75,4 +75,3 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Nonce.php b/extlib/Auth/OpenID/Nonce.php
index effecac38..b83c5911f 100644
--- a/extlib/Auth/OpenID/Nonce.php
+++ b/extlib/Auth/OpenID/Nonce.php
@@ -106,4 +106,3 @@ function Auth_OpenID_mkNonce($when = null)
return $time_str . $salt;
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/PAPE.php b/extlib/Auth/OpenID/PAPE.php
index 62cba8a91..f08ca8bd0 100644
--- a/extlib/Auth/OpenID/PAPE.php
+++ b/extlib/Auth/OpenID/PAPE.php
@@ -21,7 +21,7 @@ define('PAPE_AUTH_PHISHING_RESISTANT',
'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
define('PAPE_TIME_VALIDATOR',
- '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$');
+ '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
/**
* A Provider Authentication Policy request, sent from a relying party
* to a provider
@@ -82,7 +82,7 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
* Instantiate a Request object from the arguments in a checkid_*
* OpenID message
*/
- function fromOpenIDRequest($request)
+ static function fromOpenIDRequest($request)
{
$obj = new Auth_OpenID_PAPE_Request();
$args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
@@ -201,7 +201,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
* @returns: A provider authentication policy response from the
* data that was supplied with the id_res response.
*/
- function fromSuccessResponse($success_response)
+ static function fromSuccessResponse($success_response)
{
$obj = new Auth_OpenID_PAPE_Response();
@@ -262,7 +262,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
$auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
if ($auth_time !== null) {
- if (ereg(PAPE_TIME_VALIDATOR, $auth_time)) {
+ if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
$this->auth_time = $auth_time;
} else if ($strict) {
return false;
@@ -287,7 +287,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
}
if ($this->auth_time !== null) {
- if (!ereg(PAPE_TIME_VALIDATOR, $this->auth_time)) {
+ if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
return false;
}
@@ -298,4 +298,3 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/Parse.php b/extlib/Auth/OpenID/Parse.php
index 546f34f6b..6c2e72169 100644
--- a/extlib/Auth/OpenID/Parse.php
+++ b/extlib/Auth/OpenID/Parse.php
@@ -101,7 +101,7 @@ class Auth_OpenID_Parse {
* Starts with the tag name at a word boundary, where the tag name
* is not a namespace
*/
- var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*?)(?:<\/?%s\s*>|\Z))";
+ var $_tag_expr = "<%s\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?%s\s*>|\Z))";
var $_attr_find = '\b(\w+)=("[^"]*"|\'[^\']*\'|[^\'"\s\/<>]+)';
@@ -215,11 +215,31 @@ class Auth_OpenID_Parse {
return $str;
}
}
+
+ function match($regexp, $text, &$match)
+ {
+ if (!is_callable('mb_ereg_search_init')) {
+ return preg_match($regexp, $text, $match);
+ }
+
+ $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
+ mb_ereg_search_init($text);
+ if (!mb_ereg_search($regexp)) {
+ return false;
+ }
+ list($match) = mb_ereg_search_getregs();
+ return true;
+ }
/**
* Find all link tags in a string representing a HTML document and
* return a list of their attributes.
*
+ * @todo This is quite ineffective and may fail with the default
+ * pcre.backtrack_limit of 100000 in PHP 5.2, if $html is big.
+ * It should rather use stripos (in PHP5) or strpos()+strtoupper()
+ * in PHP4 to manage this.
+ *
* @param string $html The text to parse
* @return array $list An array of arrays of attributes, one for each
* link tag
@@ -244,18 +264,23 @@ class Auth_OpenID_Parse {
$stripped = substr($stripped, $html_begin,
$html_end - $html_begin);
+ // Workaround to prevent PREG_BACKTRACK_LIMIT_ERROR:
+ $old_btlimit = ini_set( 'pcre.backtrack_limit', -1 );
+
// Try to find the <HEAD> tag.
$head_re = $this->headFind();
- $head_matches = array();
- if (!preg_match($head_re, $stripped, $head_matches)) {
- return array();
+ $head_match = '';
+ if (!$this->match($head_re, $stripped, $head_match)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
+ return array();
}
$link_data = array();
$link_matches = array();
- if (!preg_match_all($this->_link_find, $head_matches[0],
+ if (!preg_match_all($this->_link_find, $head_match,
$link_matches)) {
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
return array();
}
@@ -273,6 +298,7 @@ class Auth_OpenID_Parse {
$link_data[] = $link_attrs;
}
+ ini_set( 'pcre.backtrack_limit', $old_btlimit );
return $link_data;
}
@@ -349,4 +375,3 @@ function Auth_OpenID_legacy_discover($html_text, $server_rel,
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/PostgreSQLStore.php b/extlib/Auth/OpenID/PostgreSQLStore.php
index 69d95e7b8..d90e43e00 100644
--- a/extlib/Auth/OpenID/PostgreSQLStore.php
+++ b/extlib/Auth/OpenID/PostgreSQLStore.php
@@ -110,4 +110,3 @@ class Auth_OpenID_PostgreSQLStore extends Auth_OpenID_SQLStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/SQLStore.php b/extlib/Auth/OpenID/SQLStore.php
index da93c6aa2..c04059732 100644
--- a/extlib/Auth/OpenID/SQLStore.php
+++ b/extlib/Auth/OpenID/SQLStore.php
@@ -14,16 +14,6 @@
*/
/**
- * Require the PEAR DB module because we'll need it for the SQL-based
- * stores implemented here. We silence any errors from the inclusion
- * because it might not be present, and a user of the SQL stores may
- * supply an Auth_OpenID_DatabaseConnection instance that implements
- * its own storage.
- */
-global $__Auth_OpenID_PEAR_AVAILABLE;
-$__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php';
-
-/**
* @access private
*/
require_once 'Auth/OpenID/Interface.php';
@@ -89,8 +79,6 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
$associations_table = null,
$nonces_table = null)
{
- global $__Auth_OpenID_PEAR_AVAILABLE;
-
$this->associations_table_name = "oid_associations";
$this->nonces_table_name = "oid_nonces";
@@ -113,7 +101,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
// constant, so only try to use it if PEAR is present. Note
// that Auth_Openid_Databaseconnection instances need not
// implement ::setFetchMode for this reason.
- if ($__Auth_OpenID_PEAR_AVAILABLE) {
+ if (is_subclass_of($this->connection, 'db_common')) {
$this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
}
@@ -482,7 +470,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
global $Auth_OpenID_SKEW;
if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
- return False;
+ return false;
}
return $this->_add_nonce($server_url, $timestamp, $salt);
@@ -566,4 +554,4 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/SQLiteStore.php b/extlib/Auth/OpenID/SQLiteStore.php
index ec2bf58e4..4558fa1c3 100644
--- a/extlib/Auth/OpenID/SQLiteStore.php
+++ b/extlib/Auth/OpenID/SQLiteStore.php
@@ -68,4 +68,3 @@ class Auth_OpenID_SQLiteStore extends Auth_OpenID_SQLStore {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/SReg.php b/extlib/Auth/OpenID/SReg.php
index 63280769f..5ece70724 100644
--- a/extlib/Auth/OpenID/SReg.php
+++ b/extlib/Auth/OpenID/SReg.php
@@ -94,7 +94,7 @@ Auth_OpenID_registerNamespaceAlias(Auth_OpenID_SREG_NS_URI_1_1, 'sreg');
* $endpoint: The endpoint object as returned by OpenID discovery.
* returns whether an sreg type was advertised by the endpoint
*/
-function Auth_OpenID_supportsSReg(&$endpoint)
+function Auth_OpenID_supportsSReg($endpoint)
{
return ($endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_1) ||
$endpoint->usesExtension(Auth_OpenID_SREG_NS_URI_1_0));
@@ -122,7 +122,7 @@ class Auth_OpenID_SRegBase extends Auth_OpenID_Extension {
*
* @access private
*/
- function _getSRegNS(&$message)
+ static function _getSRegNS($message)
{
$alias = null;
$found_ns_uri = null;
@@ -173,7 +173,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
/**
* Initialize an empty simple registration request.
*/
- function build($required=null, $optional=null,
+ static function build($required=null, $optional=null,
$policy_url=null,
$sreg_ns_uri=Auth_OpenID_SREG_NS_URI,
$cls='Auth_OpenID_SRegRequest')
@@ -213,7 +213,7 @@ class Auth_OpenID_SRegRequest extends Auth_OpenID_SRegBase {
*
* Returns the newly created simple registration request
*/
- function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
+ static function fromOpenIDRequest($request, $cls='Auth_OpenID_SRegRequest')
{
$obj = call_user_func_array(array($cls, 'build'),
@@ -442,7 +442,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
* string (unicode) value. For instance, the nickname should be
* stored under the key 'nickname'.
*/
- function extractResponse($request, $data)
+ static function extractResponse($request, $data)
{
$obj = new Auth_OpenID_SRegResponse();
$obj->ns_uri = $request->ns_uri;
@@ -471,7 +471,7 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
* Returns a simple registration response containing the data that
* was supplied with the C{id_res} response.
*/
- function fromSuccessResponse(&$success_response, $signed_only=true)
+ static function fromSuccessResponse($success_response, $signed_only=true)
{
global $Auth_OpenID_sreg_data_fields;
@@ -518,4 +518,4 @@ class Auth_OpenID_SRegResponse extends Auth_OpenID_SRegBase {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/Server.php b/extlib/Auth/OpenID/Server.php
index f1db4d872..cc8ba961c 100644
--- a/extlib/Auth/OpenID/Server.php
+++ b/extlib/Auth/OpenID/Server.php
@@ -43,7 +43,7 @@
* consumers to add extensions to their requests. For example, with
* sites using the Simple Registration
* Extension
- * (http://www.openidenabled.com/openid/simple-registration-extension/),
+ * (http://openid.net/specs/openid-simple-registration-extension-1_0.html),
* a user can agree to have their nickname and e-mail address sent to
* a site when they sign up.
*
@@ -365,7 +365,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
$this->message = null;
}
- function fromMessage($message, $server=null)
+ static function fromMessage($message, $server=null)
{
$required_keys = array('assoc_handle', 'sig', 'signed');
@@ -396,7 +396,7 @@ class Auth_OpenID_CheckAuthRequest extends Auth_OpenID_Request {
return $result;
}
- function answer(&$signatory)
+ function answer($signatory)
{
$is_valid = $signatory->verify($this->assoc_handle, $this->signed);
@@ -436,7 +436,7 @@ class Auth_OpenID_PlainTextServerSession {
var $needs_math = false;
var $allowed_assoc_types = array('HMAC-SHA1', 'HMAC-SHA256');
- function fromMessage($unused_request)
+ static function fromMessage($unused_request)
{
return new Auth_OpenID_PlainTextServerSession();
}
@@ -469,7 +469,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
$this->consumer_pubkey = $consumer_pubkey;
}
- function getDH($message)
+ static function getDH($message)
{
$dh_modulus = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_modulus');
$dh_gen = $message->getArg(Auth_OpenID_OPENID_NS, 'dh_gen');
@@ -489,7 +489,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
$missing);
}
- $lib =& Auth_OpenID_getMathLib();
+ $lib = Auth_OpenID_getMathLib();
if ($dh_modulus || $dh_gen) {
$dh_modulus = $lib->base64ToLong($dh_modulus);
@@ -523,7 +523,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
return array($dh, $consumer_pubkey);
}
- function fromMessage($message)
+ static function fromMessage($message)
{
$result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
@@ -538,7 +538,7 @@ class Auth_OpenID_DiffieHellmanSHA1ServerSession {
function answer($secret)
{
- $lib =& Auth_OpenID_getMathLib();
+ $lib = Auth_OpenID_getMathLib();
$mac_key = $this->dh->xorSecret($this->consumer_pubkey, $secret,
$this->hash_func);
return array(
@@ -560,7 +560,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession
var $hash_func = 'Auth_OpenID_SHA256';
var $allowed_assoc_types = array('HMAC-SHA256');
- function fromMessage($message)
+ static function fromMessage($message)
{
$result = Auth_OpenID_DiffieHellmanSHA1ServerSession::getDH($message);
@@ -582,7 +582,7 @@ class Auth_OpenID_DiffieHellmanSHA256ServerSession
class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
var $mode = "associate";
- function getSessionClasses()
+ static function getSessionClasses()
{
return array(
'no-encryption' => 'Auth_OpenID_PlainTextServerSession',
@@ -590,14 +590,14 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
'DH-SHA256' => 'Auth_OpenID_DiffieHellmanSHA256ServerSession');
}
- function Auth_OpenID_AssociateRequest(&$session, $assoc_type)
+ function Auth_OpenID_AssociateRequest($session, $assoc_type)
{
- $this->session =& $session;
+ $this->session = $session;
$this->namespace = Auth_OpenID_OPENID2_NS;
$this->assoc_type = $assoc_type;
}
- function fromMessage($message, $server=null)
+ static function fromMessage($message, $server=null)
{
if ($message->isOpenID1()) {
$session_type = $message->getArg(Auth_OpenID_OPENID_NS,
@@ -696,7 +696,7 @@ class Auth_OpenID_AssociateRequest extends Auth_OpenID_Request {
'session_type',
$preferred_session_type);
}
-
+ $response->code = AUTH_OPENID_HTTP_ERROR;
return $response;
}
}
@@ -734,7 +734,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
*/
var $namespace;
- function make(&$message, $identity, $return_to, $trust_root = null,
+ static function make($message, $identity, $return_to, $trust_root = null,
$immediate = false, $assoc_handle = null, $server = null)
{
if ($server === null) {
@@ -752,7 +752,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
$assoc_handle, $server);
$r->namespace = $message->getOpenIDNamespace();
- $r->message =& $message;
+ $r->message = $message;
if (!$r->trustRootValid()) {
return new Auth_OpenID_UntrustedReturnURL($message,
@@ -778,7 +778,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
}
$this->return_to = $return_to;
$this->trust_root = $trust_root;
- $this->server =& $server;
+ $this->server = $server;
if ($immediate) {
$this->immediate = true;
@@ -817,11 +817,12 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
*/
function returnToVerified()
{
+ $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
return call_user_func_array($this->verifyReturnTo,
- array($this->trust_root, $this->return_to));
+ array($this->trust_root, $this->return_to, $fetcher));
}
-
- function fromMessage(&$message, $server)
+
+ static function fromMessage($message, $server)
{
$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
$immediate = null;
@@ -1097,7 +1098,7 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
in OpenID 1.x immediate mode.');
}
- $setup_request =& new Auth_OpenID_CheckIDRequest(
+ $setup_request = new Auth_OpenID_CheckIDRequest(
$this->identity,
$this->return_to,
$this->trust_root,
@@ -1183,9 +1184,9 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request {
*/
class Auth_OpenID_ServerResponse {
- function Auth_OpenID_ServerResponse(&$request)
+ function Auth_OpenID_ServerResponse($request)
{
- $this->request =& $request;
+ $this->request = $request;
$this->fields = new Auth_OpenID_Message($this->request->namespace);
}
@@ -1310,10 +1311,10 @@ class Auth_OpenID_Signatory {
/**
* Create a new signatory using a given store.
*/
- function Auth_OpenID_Signatory(&$store)
+ function Auth_OpenID_Signatory($store)
{
// assert store is not None
- $this->store =& $store;
+ $this->store = $store;
}
/**
@@ -1447,7 +1448,7 @@ class Auth_OpenID_Encoder {
* Encode an {@link Auth_OpenID_ServerResponse} and return an
* {@link Auth_OpenID_WebResponse}.
*/
- function encode(&$response)
+ function encode($response)
{
$cls = $this->responseFactory;
@@ -1463,10 +1464,14 @@ class Auth_OpenID_Encoder {
array('location' => $location));
} else if ($encode_as == Auth_OpenID_ENCODE_HTML_FORM) {
$wr = new $cls(AUTH_OPENID_HTTP_OK, array(),
- $response->toFormMarkup());
+ $response->toHTML());
} else {
return new Auth_OpenID_EncodingError($response);
}
+ /* Allow the response to carry a custom error code (ex: for Association errors) */
+ if(isset($response->code)) {
+ $wr->code = $response->code;
+ }
return $wr;
}
}
@@ -1478,16 +1483,16 @@ class Auth_OpenID_Encoder {
*/
class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
- function Auth_OpenID_SigningEncoder(&$signatory)
+ function Auth_OpenID_SigningEncoder($signatory)
{
- $this->signatory =& $signatory;
+ $this->signatory = $signatory;
}
/**
* Sign an {@link Auth_OpenID_ServerResponse} and return an
* {@link Auth_OpenID_WebResponse}.
*/
- function encode(&$response)
+ function encode($response)
{
// the isinstance is a bit of a kludge... it means there isn't
// really an adapter to make the interfaces quite match.
@@ -1516,9 +1521,9 @@ class Auth_OpenID_SigningEncoder extends Auth_OpenID_Encoder {
*/
class Auth_OpenID_Decoder {
- function Auth_OpenID_Decoder(&$server)
+ function Auth_OpenID_Decoder($server)
{
- $this->server =& $server;
+ $this->server = $server;
$this->handlers = array(
'checkid_setup' => 'Auth_OpenID_CheckIDRequest',
@@ -1599,9 +1604,9 @@ class Auth_OpenID_Decoder {
* @package OpenID
*/
class Auth_OpenID_EncodingError {
- function Auth_OpenID_EncodingError(&$response)
+ function Auth_OpenID_EncodingError($response)
{
- $this->response =& $response;
+ $this->response = $response;
}
}
@@ -1674,14 +1679,14 @@ class Auth_OpenID_UntrustedReturnURL extends Auth_OpenID_ServerError {
* @package OpenID
*/
class Auth_OpenID_Server {
- function Auth_OpenID_Server(&$store, $op_endpoint=null)
+ function Auth_OpenID_Server($store, $op_endpoint=null)
{
- $this->store =& $store;
- $this->signatory =& new Auth_OpenID_Signatory($this->store);
- $this->encoder =& new Auth_OpenID_SigningEncoder($this->signatory);
- $this->decoder =& new Auth_OpenID_Decoder($this);
+ $this->store = $store;
+ $this->signatory = new Auth_OpenID_Signatory($this->store);
+ $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory);
+ $this->decoder = new Auth_OpenID_Decoder($this);
$this->op_endpoint = $op_endpoint;
- $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
+ $this->negotiator = Auth_OpenID_getDefaultNegotiator();
}
/**
@@ -1699,7 +1704,7 @@ class Auth_OpenID_Server {
{
if (method_exists($this, "openid_" . $request->mode)) {
$handler = array($this, "openid_" . $request->mode);
- return call_user_func($handler, $request);
+ return call_user_func($handler, &$request);
}
return null;
}
@@ -1707,7 +1712,7 @@ class Auth_OpenID_Server {
/**
* The callback for 'check_authentication' messages.
*/
- function openid_check_authentication(&$request)
+ function openid_check_authentication($request)
{
return $request->answer($this->signatory);
}
@@ -1715,7 +1720,7 @@ class Auth_OpenID_Server {
/**
* The callback for 'associate' messages.
*/
- function openid_associate(&$request)
+ function openid_associate($request)
{
$assoc_type = $request->assoc_type;
$session_type = $request->session->session_type;
@@ -1738,7 +1743,7 @@ class Auth_OpenID_Server {
* Encodes as response in the appropriate format suitable for
* sending to the user agent.
*/
- function encodeResponse(&$response)
+ function encodeResponse($response)
{
return $this->encoder->encode($response);
}
@@ -1757,4 +1762,4 @@ class Auth_OpenID_Server {
}
}
-?>
+
diff --git a/extlib/Auth/OpenID/ServerRequest.php b/extlib/Auth/OpenID/ServerRequest.php
index 33a8556ce..69222a5e0 100644
--- a/extlib/Auth/OpenID/ServerRequest.php
+++ b/extlib/Auth/OpenID/ServerRequest.php
@@ -34,4 +34,3 @@ class Auth_OpenID_ServerRequest {
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/TrustRoot.php b/extlib/Auth/OpenID/TrustRoot.php
index 4919a6065..000440b58 100644
--- a/extlib/Auth/OpenID/TrustRoot.php
+++ b/extlib/Auth/OpenID/TrustRoot.php
@@ -58,7 +58,7 @@ class Auth_OpenID_TrustRoot {
* @return The URL upon which relying party discovery should be
* run in order to verify the return_to URL
*/
- function buildDiscoveryURL($realm)
+ static function buildDiscoveryURL($realm)
{
$parsed = Auth_OpenID_TrustRoot::_parse($realm);
@@ -93,7 +93,7 @@ class Auth_OpenID_TrustRoot {
* @return mixed $parsed Either an associative array of trust root
* parts or false if parsing failed.
*/
- function _parse($trust_root)
+ static function _parse($trust_root)
{
$trust_root = Auth_OpenID_urinorm($trust_root);
if ($trust_root === null) {
@@ -199,7 +199,7 @@ class Auth_OpenID_TrustRoot {
* @param string $trust_root The trust root to check
* @return bool $sanity Whether the trust root looks OK
*/
- function isSane($trust_root)
+ static function isSane($trust_root)
{
$parts = Auth_OpenID_TrustRoot::_parse($trust_root);
if ($parts === false) {
@@ -269,7 +269,7 @@ class Auth_OpenID_TrustRoot {
* @return bool $matches Whether the URL matches against the
* trust root
*/
- function match($trust_root, $url)
+ static function match($trust_root, $url)
{
$trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
$url_parsed = Auth_OpenID_TrustRoot::_parse($url);
@@ -341,7 +341,7 @@ class Auth_OpenID_TrustRoot {
* @returns: The endpoint URL or None if the endpoint is not a
* relying party endpoint.
*/
-function filter_extractReturnURL(&$endpoint)
+function filter_extractReturnURL($endpoint)
{
if ($endpoint->matchTypes(array(Auth_OpenID_RP_RETURN_TO_URL_TYPE))) {
return $endpoint;
@@ -394,14 +394,14 @@ function Auth_OpenID_returnToMatches($allowed_return_to_urls, $return_to)
* Given a relying party discovery URL return a list of return_to
* URLs.
*/
-function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
+function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
$discover_function=null)
{
if ($discover_function === null) {
$discover_function = array('Auth_Yadis_Yadis', 'discover');
}
- $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'fromXRDS');
+ $xrds_parse_cb = array('Auth_OpenID_ServiceEndpoint', 'consumerFromXRDS');
list($rp_url_after_redirects, $endpoints) =
Auth_Yadis_getServiceEndpoints($relying_party_url, $xrds_parse_cb,
@@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
}
call_user_func_array($discover_function,
- array($relying_party_url, $fetcher));
+ array($relying_party_url, &$fetcher));
$return_to_urls = array();
$matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
@@ -435,7 +435,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, &$fetcher,
*
* @return true if the return_to URL is valid for the realm
*/
-function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
+function Auth_OpenID_verifyReturnTo($realm_str, $return_to, $fetcher,
$_vrfy='Auth_OpenID_getAllowedReturnURLs')
{
$disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str);
@@ -445,7 +445,7 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
}
$allowable_urls = call_user_func_array($_vrfy,
- array($disco_url, &$fetcher));
+ array($disco_url, $fetcher));
// The realm_str could not be parsed.
if ($allowable_urls === false) {
@@ -459,4 +459,3 @@ function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher,
}
}
-?> \ No newline at end of file
diff --git a/extlib/Auth/OpenID/URINorm.php b/extlib/Auth/OpenID/URINorm.php
index f821d836a..c051b550a 100644
--- a/extlib/Auth/OpenID/URINorm.php
+++ b/extlib/Auth/OpenID/URINorm.php
@@ -246,4 +246,4 @@ function Auth_OpenID_urinorm($uri)
return $scheme . '://' . $authority . $path . $query . $fragment;
}
-?>
+