From 92e1fc043c3d056a07db2aa8d3bee9198812c2ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Thu, 18 Oct 2012 12:10:50 +0000
Subject: [PATCH] OpenID library updated to commit 9a79bd5, except for
 lib/Auth/OpenID/Message.php, which introduces a bug with return_to parameter.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3195 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/Auth/OpenID/Consumer.php           |  8 ++++---
 lib/Auth/OpenID/MySQLStore.php         |  2 +-
 lib/Auth/OpenID/Parse.php              |  6 ++++-
 lib/Auth/OpenID/Server.php             |  2 +-
 lib/Auth/Yadis/Manager.php             |  8 ++++---
 lib/Auth/Yadis/ParanoidHTTPFetcher.php | 32 ++++++++++++++++++++++----
 6 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/lib/Auth/OpenID/Consumer.php b/lib/Auth/OpenID/Consumer.php
index bffed4d62..d562e33f3 100644
--- a/lib/Auth/OpenID/Consumer.php
+++ b/lib/Auth/OpenID/Consumer.php
@@ -1183,9 +1183,11 @@ class Auth_OpenID_GenericConsumer {
     function _discoverAndVerify($claimed_id, $to_match_endpoints)
     {
         // oidutil.log('Performing discovery on %s' % (claimed_id,))
-        list($unused, $services) = call_user_func($this->discoverMethod,
-                                                  $claimed_id,
-                                                  &$this->fetcher);
+        list($unused, $services) = call_user_func_array($this->discoverMethod,
+                                                        array(
+                                                            $claimed_id,
+                                                            &$this->fetcher,
+                                                        ));
 
         if (!$services) {
             return new Auth_OpenID_FailureResponse(null,
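Review bot: Nothing in `_discoverAndVerify()` records why `call_user_func_array()` with `&$this->fetcher` inside the argument array replaces the plain call, so a later cleanup could reintroduce the call-time `&`, which is a fatal error from PHP 5.4 on. A one-line comment above the call would prevent that, for example `// call-time pass-by-reference is not allowed; the reference must live in the argument array`. The same comment applies to the hunk in lib/Auth/Yadis/Manager.php. The hunk in lib/Auth/OpenID/Server.php drops the reference and passes `$request` by value, so it is worth confirming that no handler depends on reassigning the caller's variable. The method body continues outside this hunk.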
diff --git a/lib/Auth/OpenID/MySQLStore.php b/lib/Auth/OpenID/MySQLStore.php
index 810f059f1..a5299b3a5 100644
--- a/lib/Auth/OpenID/MySQLStore.php
+++ b/lib/Auth/OpenID/MySQLStore.php
@@ -32,7 +32,7 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
 
         $this->sql['assoc_table'] =
             "CREATE TABLE %s (\n".
-            "  server_url BLOB NOT NULL,\n".
+            "  server_url VARCHAR(2047) NOT NULL,\n".
             "  handle VARCHAR(255) NOT NULL,\n".
             "  secret BLOB NOT NULL,\n".
             "  issued INTEGER NOT NULL,\n".
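Review bot: Changing `server_url` from `BLOB` to `VARCHAR(2047)` also changes how the column is compared. BLOB values compare byte-wise, whereas a VARCHAR follows the table collation, which on many MySQL installations is case-insensitive, so association rows for server URLs that differ only in case could match one another. If byte-exact matching is intended, `"  server_url VARCHAR(2047) BINARY NOT NULL,\n".` or an explicit `_bin` collation would preserve it. The string only affects newly created tables, so existing deployments keep the BLOB column unless a migration is provided. The rest of the CREATE TABLE statement is outside the hunk, and any key defined on this column should be checked against index length limits.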
diff --git a/lib/Auth/OpenID/Parse.php b/lib/Auth/OpenID/Parse.php
index c81cb0103..0461bdcff 100644
--- a/lib/Auth/OpenID/Parse.php
+++ b/lib/Auth/OpenID/Parse.php
@@ -219,7 +219,11 @@ class Auth_OpenID_Parse {
     function match($regexp, $text, &$match)
     {
         if (!is_callable('mb_ereg_search_init')) {
-            return preg_match($regexp, $text, $match);
+            if (!preg_match($regexp, $text, $match)) {
+                return false;
+            }
+            $match = $match[0];
+            return true;
         }
 
         $regexp = substr($regexp, 1, strlen($regexp) - 2 - strlen($this->_re_flags));
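Review bot: In the fallback branch, `!preg_match($regexp, $text, $match)` treats a PCRE failure (`false`, for instance a backtrack limit hit on a large fetched page) the same as "no match", so a parse error on remote HTML is silently reported as the element being absent. Logging when `preg_last_error() !== PREG_NO_ERROR` before `return false;` would make that case visible. It would also help to document on `match()` that `$match` is overwritten with the matched string (`$match[0]`) rather than the PCRE result array. Presumably this mirrors the mb_ereg branch, which lies outside the hunk and should be confirmed.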
diff --git a/lib/Auth/OpenID/Server.php b/lib/Auth/OpenID/Server.php
index fb7cc39d2..9887d1e8d 100644
--- a/lib/Auth/OpenID/Server.php
+++ b/lib/Auth/OpenID/Server.php
@@ -1704,7 +1704,7 @@ class Auth_OpenID_Server {
     {
         if (method_exists($this, "openid_" . $request->mode)) {
             $handler = array($this, "openid_" . $request->mode);
-            return call_user_func($handler, &$request);
+            return call_user_func_array($handler, array($request));
         }
         return null;
     }
diff --git a/lib/Auth/Yadis/Manager.php b/lib/Auth/Yadis/Manager.php
index ee6f68bcb..3f54fd0bc 100644
--- a/lib/Auth/Yadis/Manager.php
+++ b/lib/Auth/Yadis/Manager.php
@@ -411,9 +411,11 @@ class Auth_Yadis_Discovery {
         if (!$manager || (!$manager->services)) {
             $this->destroyManager();
 
-            list($yadis_url, $services) = call_user_func($discover_cb,
-                                                         $this->url,
-                                                         &$fetcher);
+            list($yadis_url, $services) = call_user_func_array($discover_cb,
+                                                               array(
+                                                                $this->url,
+                                                                &$fetcher,
+                                                               ));
 
             $manager = $this->createManager($services, $yadis_url);
         }
diff --git a/lib/Auth/Yadis/ParanoidHTTPFetcher.php b/lib/Auth/Yadis/ParanoidHTTPFetcher.php
index 4da7c94c0..c44adfe92 100644
--- a/lib/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/lib/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -129,9 +129,19 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_URL, $url);
 
             if (defined('Auth_OpenID_VERIFY_HOST')) {
-                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+                // is explicitly set, otherwise use system default.
+                if (Auth_OpenID_VERIFY_HOST) {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                    if (defined('Auth_OpenID_CAINFO')) {
+                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                    }
+                } else {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+                }
             }
+
             curl_exec($c);
 
             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
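Review bot: The new `else` branch turns certificate verification off whenever `Auth_OpenID_VERIFY_HOST` is defined with a falsy value, and the comment above it ("otherwise use system default") describes only the undefined case, so the insecure path is easy to enable by accident and leaves no trace. This fetcher retrieves discovery documents and provider responses, so unverified TLS means those responses can no longer be trusted to come from the named host. I would make verification the default with `if (!defined('Auth_OpenID_VERIFY_HOST') || Auth_OpenID_VERIFY_HOST) {`, reword the comment accordingly, and have the `else` branch emit an `Auth_OpenID::log()` line stating that verification is disabled for `$url`. The identical block in the hunk at `@@ -202,8 +213,17` has the same issue, and the logging conditions in the hunks at `@@ -153,6` and `@@ -217,7` repeat the test with `== true`, so a small private helper would keep all four sites in agreement. The enclosing methods start and end outside these hunks.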
@@ -153,6 +163,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                 curl_close($c);
 
                 if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    Auth_OpenID_VERIFY_HOST == true &&
                     $this->isHTTPS($url)) {
                     Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                                      'curl/get', $url);
@@ -202,8 +213,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                     array($this, "_writeData"));
 
         if (defined('Auth_OpenID_VERIFY_HOST')) {
-            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+            // is explicitly set, otherwise use system default.
+            if (Auth_OpenID_VERIFY_HOST) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                if (defined('Auth_OpenID_CAINFO')) {
+                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                }
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
         }
 
         curl_exec($c);
@@ -217,7 +237,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             return null;
         }
 
-        if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+        if (defined('Auth_OpenID_VERIFY_HOST') &&
+            Auth_OpenID_VERIFY_HOST == true &&
+            $this->isHTTPS($url)) {
             Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                              'curl/post', $url);
         }
-- 
GitLab