Issue 2: Possible Erroneous YADIS Discovery
Status:  Invalid
Owner: ----
Closed:  Jul 2010
Reported by alix.axel, Jul 25, 2010
Hi mewp, this is Alix from StackOverflow.

While working on porting your library to the phunction framework I've noticed several bugs; one of them was related to several calls in the form of:

`$content = preg_match('...', $content, $...);`

This one seems to be solved with the latest release, but I can still spot one that can produce non-optimal, erroneous YADIS discoveries. Imagine the following scenario:

1) Content-Type: application/xrds+xml is matched.
2) You find a server that uses the http://specs.openid.net/auth/2.0/ namespace, and grab the $server.
3) You'll still try to search (due to the lack of else if) for the http://openid.net/signon/1.1/ namespace (why not also 1.0?), and if you find it, you'll grab the $server again. If you don't, it's still inefficient, since you already have a 2.0 URI.

I suggest you either drop the $ns variable altogether and use if ... else if directly, or switch the order of the conditions, so that the most preferable URI (2.0) overrides the one previously found (1.1).
Jul 25, 2010
Project Member #1 mewp...@gmail.com
If the OpenID 2.0 namespace is matched, there is no way that the library would still search for OpenID 1.1. It'll either return false[#221], or the server url[#233].

I don't know any provider which uses OpenID 1.0, and doesn't support newer versions, so I don't really see the point in supporting an outdated and unused version.

Also, I don't think you need to port the library -- that way you would lose the ability to (easily) update. It'd be better to just write a wrapper, or something.

  [#221]: http://gitorious.org/lightopenid/lightopenid/blobs/master/openid.php#line221 
  [#233]: http://gitorious.org/lightopenid/lightopenid/blobs/master/openid.php#line233 
Status: Invalid
Jul 25, 2010
#2 alix.axel
Oh yes - silly me, I overlooked the returns!
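
The two control flows discussed in this thread, side by side, as an added example that is not LightOpenID's code: the function names, the `findService` helper and the XRDS sample are constructed for illustration. With two independent `if` blocks a 1.1 match overwrites the 2.0 endpoint, while returning on the first match keeps it.

```php
<?php
// Constructed sample: an XRDS document listing the 1.1 service before the 2.0 one.
$xrds = <<<'XML'
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service><Type>http://openid.net/signon/1.1</Type><URI>https://op.example/v1</URI></Service>
    <Service><Type>http://specs.openid.net/auth/2.0/signon</Type><URI>https://op.example/v2</URI></Service>
  </XRD>
</xrds:XRDS>
XML;

// Hypothetical helper: URI of the first <Service> whose <Type> starts with $ns, or null.
function findService(string $xrds, string $ns): ?string
{
    preg_match_all('#<Service\b[^>]*>(.*?)</Service>#s', $xrds, $services);
    foreach ($services[1] as $body) {
        if (preg_match('#<Type>\s*' . preg_quote($ns, '#') . '#', $body)
            && preg_match('#<URI[^>]*>\s*([^<\s]+)#', $body, $m)) {
            return $m[1];
        }
    }
    return null;
}

// Control flow the report assumed: two independent ifs, nothing returns in between.
function discoverFallThrough(string $xrds): ?string
{
    $server = null;
    if ($uri = findService($xrds, 'http://specs.openid.net/auth/2.0/')) {
        $server = $uri;
    }
    if ($uri = findService($xrds, 'http://openid.net/signon/1.1')) {
        $server = $uri; // a 1.1 match replaces the 2.0 endpoint found above
    }
    return $server;
}

// Control flow described in the reply: a 2.0 match returns before 1.1 is considered.
function discoverEarlyReturn(string $xrds): ?string
{
    if ($uri = findService($xrds, 'http://specs.openid.net/auth/2.0/')) {
        return $uri;
    }
    return findService($xrds, 'http://openid.net/signon/1.1');
}

echo 'fall-through: ', discoverFallThrough($xrds) ?? 'none', PHP_EOL;
echo 'early return: ', discoverEarlyReturn($xrds) ?? 'none', PHP_EOL;
```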