PHP-OpenID- released

Dan Libby danda at
Thu Sep 8 02:21:00 PDT 2005

ctd1500 wrote:

>You seem to have used non-working code, in place of the patch I sent
>in yesterday.
This is true.  My bad.  I was literally running out the door to catch a
plane, so I did not have time to test my fix.  I'll try not to release
any more untested patches.

I appreciate your patch, but I chose to provide an alternative ( and
unfortunately faulty ) implementation because:

a) PCRE extension ( preg_* ) is not available on all PHP installations.
So for maximum compatibility, I would need to provide an alternative
implementation anyway.  From PHP manual:   "Beginning with PHP 4.2.0
these functions are enabled by default. You can disable the pcre
functions with --without-pcre-regex."  I am targetting PHP >= 4.1.0.
( I realize that PCRE is used in a couple other places in the code, but
I'm trying to minimize / workaround that. )

b) I did not understand exactly what your regex does, and what failure
cases might exist.  An explanatory comment would help.

c) I generally tend to avoid using regex if a simple alternative exists
-- both because of speed and because they are hard to read and
maintain.  In this case the problem seems solveable by other means.

In regards to URL normalization, the spec says:

The delegate identity URL must be canonical. It will not be further
processed by the consumer, so be sure it has the "http://" and trailing
slash, if there's no path component.

So my fix was to use parse_url() to determine if there is a path or not,
and if not, then I append '/'.

What I didn't realize is that if parse_url() does not find a scheme, eg
'http://', then it returns the entire string as the path. So, the
correct fix, in case of a missing scheme, is to prepend 'http://', and
then call parse_url() again. This time I've tested it, and it works
well.  Note that this fix also avoids prepending 'http://' to urls with
other schemes, eg: "", whereas the old code would
generate "http://".

Updated release coming in a bit.



>Below is the Working patch for the new release

>--- PHP-OpenID- Tue Sep 07 10:33:55 2005
>+++ PHP-OpenID- Tue Sep 07 10:38:21 2005
>@@ -70,17 +70,15 @@
>    function normalize_url($url) {
>        assert( 'is_string( $url )' );
>        $url = trim( $url );
>        $parts = parse_url( $url );
>        $scheme = isset( $parts['scheme'] ) ? $parts['scheme'] : null;
>-        $path = isset( $parts['path'] ) ? $parts['path'] : null;
>        if( !$scheme ) {
>            $url = 'http://' . $url;
>        }
>-        if( !$path ) {
>-            $url .= '/';
>-        }
>+        if (!preg_match("#(http(s)?)://.+/#is", $url)) {
>+            $url .= "/";
>+        }
>        // Porting Todo: handle unicode urls.

More information about the yadis mailing list