Issue 12: Regex parsing of XRD XML matches wrong entries
Status:  Fixed
Owner: ----
Closed:  Oct 2010
Reported by brion.vi...@gmail.com, Oct 28, 2010
This library appears to be doing XML parsing with regular expressions instead of an XML parser for its XRD discovery:

   $ns = preg_quote('http://specs.openid.net/auth/2.0/');
   if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) {

This fails dramatically if the discovery information contains other entries, matching a large swath of the document instead of just the relevant entries for OpenID.

The result is that attempting to authenticate against a site such as identi.ca which offers other services such as OAuth in that same XRD ends up breaking, for instance by sending you off to the OAuth requesttoken URL instead of the OpenID endpoint.
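The behaviour reported above can be reproduced offline. This is an added example, not LightOpenID's code and not the fix that was committed; the XRDS document and its `sn.example.org` URLs are constructed, the "first `<URI>` in the match" step is an illustrative assumption, and `openid2_endpoints()` is a hypothetical helper name.

```php
<?php
// Constructed XRDS document (not identi.ca's real one): an OAuth service
// listed before the OpenID 2.0 service, as the report describes.
$content = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://oauth.net/core/1.0/endpoint/request</Type>
      <URI>https://sn.example.org/api/oauth/request_token</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://sn.example.org/openid/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>
XML;

// 1. The pattern from the report: "<Service.*?>" anchors at the FIRST
//    <Service>, and with the /s flag the dots run across element boundaries.
$ns = preg_quote('http://specs.openid.net/auth/2.0/');
preg_match('#<Service.*?>(.*)<Type>\s*' . $ns . '(.*?)\s*</Type>(.*)</Service>#s', $content, $m);
// Taking the first <URI> in the matched text (an illustrative next step,
// not necessarily what the library does) yields the OAuth endpoint.
preg_match('#<URI.*?>(.*?)</URI>#s', $m[0], $u);
echo "regex:  services spanned=", substr_count($m[0], '<Service'), " uri={$u[1]}\n";

// 2. Element-aware selection: only <URI> children of a <Service> whose own
//    <Type> starts with the OpenID 2.0 namespace.
function openid2_endpoints(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing remote XML.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return [];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('xrd', 'xri://$xrd*($v*2.0)');
    $q = '//xrd:Service[xrd:Type[starts-with(normalize-space(.),'
       . ' "http://specs.openid.net/auth/2.0/")]]/xrd:URI';
    $uris = [];
    foreach ($xp->query($q) as $node) {
        $uris[] = trim($node->textContent);
    }
    return $uris;
}
echo "parser: uri=", implode(', ', openid2_endpoints($content)), "\n";
```

On this input the regex match spans both `<Service>` elements and the first URI inside it is the OAuth request-token URL, while the XPath query returns only the OpenID endpoint.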

Oct 30, 2010
Project Member #1 mewp...@gmail.com
I've tested discovery with identi.ca, and was able to reproduce the bug.

It wasn't related to the problem you have described, but I have fixed both the one here, and the one causing that problem.

It's still using regular expressions - I avoid using a full XML parser unless it's necessary, because parsing with regular expressions is generally faster.
Status: Fixed
Oct 30, 2010
#2 mich...@fluidware.it
I've updated lightopenid but I still can't authenticate myself against identi.ca.
This is a fresh git clone: www.macno.org/test/lightopenid/example.php