diff --git a/lib/Auth/OpenID/Consumer.php b/lib/Auth/OpenID/Consumer.php
index bffed4d62e8694b0fc40234af6ba0d94997c7c51..d562e33f354823498e55109b8670256e92672093 100644
--- a/lib/Auth/OpenID/Consumer.php
+++ b/lib/Auth/OpenID/Consumer.php
@@ -1183,9 +1183,11 @@ class Auth_OpenID_GenericConsumer {
function _discoverAndVerify($claimed_id, $to_match_endpoints)
{
// oidutil.log('Performing discovery on %s' % (claimed_id,))
- list($unused, $services) = call_user_func($this->discoverMethod,
- $claimed_id,
- &$this->fetcher);
+ list($unused, $services) = call_user_func_array($this->discoverMethod,
+ array(
+ $claimed_id,
+ &$this->fetcher,
+ ));
if (!$services) {
return new Auth_OpenID_FailureResponse(null,
diff --git a/lib/Auth/OpenID/MySQLStore.php b/lib/Auth/OpenID/MySQLStore.php
index 810f059f1dfcc74ac5df6145e63e049e75a75244..a5299b3a5cdce35f9265f7b8109044ad265cd454 100644
--- a/lib/Auth/OpenID/MySQLStore.php
+++ b/lib/Auth/OpenID/MySQLStore.php
@@ -32,7 +32,7 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
$this->sql['assoc_table'] =
"CREATE TABLE %s (\n".
- " server_url BLOB NOT NULL,\n".
+ " server_url VARCHAR(2047) NOT NULL,\n".
" handle VARCHAR(255) NOT NULL,\n".
" secret BLOB NOT NULL,\n".
" issued INTEGER NOT NULL,\n".
diff --git a/lib/Auth/OpenID/Parse.php b/lib/Auth/OpenID/Parse.php
index c81cb0103fae7ca974e57de34d40e12979a025b2..0461bdcff7a065078b684c779ba88c6e02d4245b 100644
--- a/lib/Auth/OpenID/Parse.php
+++ b/lib/Auth/OpenID/Parse.php
@@ -219,7 +219,11 @@ class Auth_OpenID_Parse {
function match($regexp, $text, &$match)
{
if (!is_callable('mb_ereg_search_init')) {
- return preg_match($regexp, $text, $match);
+ if (!preg_match($regexp, $text, $match)) {
+ return false;
+ }
+ $match = $match[0];
+ return true;
}
$regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
diff --git a/lib/Auth/OpenID/Server.php b/lib/Auth/OpenID/Server.php
index fb7cc39d291fa6d903a8b609228ffe68ef3f2112..9887d1e8d8d99c8b8c759d5c0c76b312dcb0c037 100644
--- a/lib/Auth/OpenID/Server.php
+++ b/lib/Auth/OpenID/Server.php
@@ -1704,7 +1704,7 @@ class Auth_OpenID_Server {
{
if (method_exists($this, "openid_" . $request->mode)) {
$handler = array($this, "openid_" . $request->mode);
- return call_user_func($handler, &$request);
+ return call_user_func_array($handler, array($request));
}
return null;
}
diff --git a/lib/Auth/Yadis/Manager.php b/lib/Auth/Yadis/Manager.php
index ee6f68bcb69fb7aa46a37b4e25bab27cd5d0b1e8..3f54fd0bcd908eab5f3037567fc3e5bf77f437f5 100644
--- a/lib/Auth/Yadis/Manager.php
+++ b/lib/Auth/Yadis/Manager.php
@@ -411,9 +411,11 @@ class Auth_Yadis_Discovery {
if (!$manager || (!$manager->services)) {
$this->destroyManager();
- list($yadis_url, $services) = call_user_func($discover_cb,
- $this->url,
- &$fetcher);
+ list($yadis_url, $services) = call_user_func_array($discover_cb,
+ array(
+ $this->url,
+ &$fetcher,
+ ));
$manager = $this->createManager($services, $yadis_url);
}
diff --git a/lib/Auth/Yadis/ParanoidHTTPFetcher.php b/lib/Auth/Yadis/ParanoidHTTPFetcher.php
index 4da7c94c0d92e433b9222b8261323834bd7c17ad..c44adfe923f21c6e9ce5416067df7a2e043e1b4b 100644
--- a/lib/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/lib/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -129,9 +129,19 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
curl_setopt($c, CURLOPT_URL, $url);
if (defined('Auth_OpenID_VERIFY_HOST')) {
- curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+ // is explicitly set, otherwise use system default.
+ if (Auth_OpenID_VERIFY_HOST) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ if (defined('Auth_OpenID_CAINFO')) {
+ curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+ }
+ } else {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+ }
}
+
curl_exec($c);
$code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -153,6 +163,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
curl_close($c);
if (defined('Auth_OpenID_VERIFY_HOST') &&
+ Auth_OpenID_VERIFY_HOST == true &&
$this->isHTTPS($url)) {
Auth_OpenID::log('OpenID: Verified SSL host %s using '.
'curl/get', $url);
@@ -202,8 +213,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
array($this, "_writeData"));
if (defined('Auth_OpenID_VERIFY_HOST')) {
- curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+ // is explicitly set, otherwise use system default.
+ if (Auth_OpenID_VERIFY_HOST) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ if (defined('Auth_OpenID_CAINFO')) {
+ curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+ }
+ } else {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+ }
}
curl_exec($c);
@@ -217,7 +237,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
return null;
}
- if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+ if (defined('Auth_OpenID_VERIFY_HOST') &&
+ Auth_OpenID_VERIFY_HOST == true &&
+ $this->isHTTPS($url)) {
Auth_OpenID::log('OpenID: Verified SSL host %s using '.
'curl/post', $url);
}