PHP-OpenID-0.0.8.2 released

Dan Libby danda at videntity.org
Sat Sep 10 20:41:34 PDT 2005


Hi Carl,

Would it be possible for me to get my hands on the latest code?  Ideally
there could be a Python 0.0.9 and PHP 0.0.9 at about the same time.

Also, I've added a small fix for URL normalization that perhaps the
python package should pickup, as it seems to have the same issue with
not appending trailing slash to the URL, and with mangling URLs that
begin with protocols others than "http://" or "https://".

-dan

    // From openID spec:
    // The delegate identity URL must be canonical. It will not be further
    // processed by the consumer, so be sure it has the "http://" and
trailing
    // slash, if there's no path component.
    function normalize_url($url) {
        assert( 'is_string( $url )' );
        $url = trim( $url );
       
        // Note: we use parse_url() here rather than checking for
http(s) because
        // possibly the url contains eg ftp:// and it would be silly to
prepend
        // http:// to such a url.
        $parts = parse_url( $url );
        $scheme = isset( $parts['scheme'] ) ? $parts['scheme'] : null;

        if( !$scheme ) {
            $url = 'http://' . $url;
            // If no scheme was found, then path will contain the whole
url, which is not what we want,
            // so we parse it again.
            $parts = parse_url( $url );
        }

        $path = isset( $parts['path'] ) ? $parts['path'] : null;
       
        if( !$path ) {
            $url .= '/';
        }
       
   
        // Porting Todo: handle unicode urls.
        /*
        if isinstance(url, unicode) {
            parsed = urlparse.urlparse(url)
            authority = parsed[1].encode('idna')
            tail = map(quote_minimal, parsed[2:])
            encoded = (str(parsed[0]), authority) + tuple(tail)
            url = urlparse.urlunparse(encoded)
            assert type(url) is str
        */
   
        return $url;
    }

Carl Howells wrote:

> Christian Stocker wrote:
>
>> Hi
>>
>> Another Bug:
>>
>> trustroot.php, method isSane(), line 97:
>>   if( $cnt > 1) && strlen($host_parts[$cnt-2]) <= 3) {
>>
>> Doesn't parse for example
>>
>> greg.abstrakt.ch
>>
>> correctly (and a lot of other internationally common domains).
>>
>> I assume the check is for things like example.co.uk etc.
>>
>> I don't know, how to make that more correct (not sure, what it actually
>> should reject and what not), but removing "&&
>> strlen($host_parts[$cnt-2]) <= 3" helped for the time beeing
>>
>> And, shall I report bugs here on this list in the future or just
>> directly to dan?
>>
>> chregu
>
>
> That's actually an artifact of being a near-direct port of our python
> package.  We've changed our trust-root handling significantly
> recently, as it was way too strict before.  I don't know if a version
> of our code with those changes is available yet.
>
> Carl




More information about the yadis mailing list