| Issue 12: | Regex parsing of XRD XML matches wrong entries | |
| 2 people starred this issue and may be notified of changes. | Back to list |
This library appears to be doing XML parsing with regular expressions instead of an XML parser for its XRD discovery:
$ns = preg_quote('http://specs.openid.net/auth/2.0/');
if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) {
This fails dramatically if the discovery information contains other entries, matching a large swatch of the document instead of just the relevant entries for OpenID.
The result is that attempting to authenticate against a site such as identi.ca which offers other services such as OAuth in that same XRD ends up breaking, for instance by sending you off to the OAuth requesttoken URL instead of the OpenID endpoint.
Oct 30, 2010
Project Member
#1
mewp...@gmail.com
Status:
Fixed
Oct 30, 2010
I've update lightopenid but I still can't authenticate myself against identi.ca This is a fresh git clone: www.macno.org/test/lightopenid/example.php |