PHP-OpenID-0.0.8.2 released

Dan Libby danda at videntity.org
Tue Sep 13 16:09:12 PDT 2005


Hi Christian,

It looks like I even ported bugs from the python implementation.  :)

Below is a patch that fixes the issue for both the PHP and Python
libraries.  It also adds your example as a test case.

Please report PHP-OpenID bugs to php-openid at videntity dot org.  If
you want to CC the list, I've no objection.

regards,

Dan Libby




========================
Patch for PHP OpenID 0.0.8.2:
========================

*** trustroot.php       6 Sep 2005 15:15:30 -0000       1.1
--- trustroot.php       14 Sep 2005 02:14:21 -0000
***************
*** 94,100 ****
          $host = array();
          $cnt = count( $host_parts );
          if( strlen($host_parts[$cnt-1]) == 2) {
!             if( $cnt > 1 && strlen($host_parts[$cnt-2]) <= 3) {
                  $host = array_slice( $host_parts, 0, $cnt-2);
              }
          }
--- 94,100 ----
          $host = array();
          $cnt = count( $host_parts );
          if( strlen($host_parts[$cnt-1]) == 2) {
!             if( $cnt > 1 && strlen($host_parts[$cnt-1]) <= 3) {
                  $host = array_slice( $host_parts, 0, $cnt-2);
              }
          }
***************
*** 317,322 ****
--- 317,323 ----
      assertSane('http://*.com.au/', false);
      assertSane('http://*.co.uk/', false);
      assertSane('http://localhost:8082/?action=openid', true);
+     assertSane('http://greg.abstrakt.ch', true);

      // XXX: what exactly is a sane trust root?
      // assertSane('http) {//*.k12.va.us/', false)



========================
Patch for Python OpenID 0.0.8:
========================

*** trustroot.py        28 Aug 2005 03:04:56 -0000      1.1
--- trustroot.py        14 Sep 2005 02:08:22 -0000
***************
*** 64,70 ****
          # extract sane "top-level-domain"
          host = []
          if len(host_parts[-1]) == 2:
!             if len(host_parts[-2]) <= 3:
                  host = host_parts[:-2]
          elif len(host_parts[-1]) == 3:
              host = host_parts[:-1]
--- 64,70 ----
          # extract sane "top-level-domain"
          host = []
          if len(host_parts[-1]) == 2:
!             if len(host_parts[-1]) <= 3:
                  host = host_parts[:-2]
          elif len(host_parts[-1]) == 3:
              host = host_parts[:-1]
***************
*** 218,223 ****
--- 218,224 ----
      assertSane('http://*.com.au/', False)
      assertSane('http://*.co.uk/', False)
      assertSane('http://localhost:8082/?action=openid', True)
+     assertSane('http://greg.abstrakt.ch', True);

      # XXX: what exactly is a sane trust root?
      #assertSane('http://*.k12.va.us/', False)




Christian Stocker wrote:

>Hi
>
>Another Bug:
>
>trustroot.php, method isSane(), line 97:
>  if( $cnt > 1) && strlen($host_parts[$cnt-2]) <= 3) {
>
>Doesn't parse for example
>
>greg.abstrakt.ch
>
>correctly (and a lot of other internationally common domains).
>
>I assume the check is for things like example.co.uk etc.
>
>I don't know, how to make that more correct (not sure, what it actually
>should reject and what not), but removing "&&
>strlen($host_parts[$cnt-2]) <= 3" helped for the time beeing
>
>And, shall I report bugs here on this list in the future or just
>directly to dan?
>
>chregu
>  
>



More information about the yadis mailing list