READ-ONLY: This project has been archived. For more information see this post.
Issue 12: Regex parsing of XRD XML matches wrong entries
Status:  Fixed
Owner:  ----
Closed:  Oct 2010


 
Reported by brion.vi...@gmail.com, Oct 28, 2010
This library appears to be doing XML parsing with regular expressions instead of an XML parser for its XRD discovery:

   $ns = preg_quote('http://specs.openid.net/auth/2.0/');
   if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) {

This fails dramatically if the discovery information contains other entries, matching a large swath of the document instead of just the relevant entries for OpenID.

The result is that attempting to authenticate against a site such as identi.ca which offers other services such as OAuth in that same XRD ends up breaking, for instance by sending you off to the OAuth requesttoken URL instead of the OpenID endpoint.

Oct 30, 2010
Project Member #1 mewp...@gmail.com
I've tested discovery with identi.ca, and was able to reproduce the bug.

It wasn't related to the problem you have described, but I have fixed both the one here, and the one causing that problem.

It's still using regular expressions - I avoid using a full XML parser unless it's necessary, because parsing with regular expressions is generally faster.
Status: Fixed
Oct 30, 2010
#2 mich...@fluidware.it
I've updated lightopenid but I still can't authenticate myself against identi.ca.
This is a fresh git clone: www.macno.org/test/lightopenid/example.php

