author | tailor <cygnus@janrain.com> | 2007-11-27 22:22:14 +0000 |
---|---|---|
committer | tailor <cygnus@janrain.com> | 2007-11-27 22:22:14 +0000 |
commit | 350de628a743e433c2abf42c0e4d752e8a587984 (patch) | |
tree | e2ca8cd790a1ceb3fa1178c5860f82eeb2dd5947 | |
parent | 691ad461b09f249f2cbd4614c68576ebb303ea2f (diff) | |
[project @ Update NEWS, add specific error to complete() with query as first parameter]
-rw-r--r-- | Auth/OpenID/Consumer.php | 8 | ||||
-rw-r--r-- | NEWS | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php index 0d6f9d7..7c1e6d5 100644 --- a/Auth/OpenID/Consumer.php +++ b/Auth/OpenID/Consumer.php @@ -401,6 +401,14 @@ class Auth_OpenID_Consumer { */ function complete($return_to, $query=null) { + if ($return_to && !is_string($return_to)) { + // This is ugly, but we need to complain loudly when + // someone uses the API incorrectly. + trigger_error("return_to must be a string; see NEWS file " . + "for upgrading notes.", + E_USER_ERROR); + } + if ($query === null) { $query = Auth_OpenID::getQuery(); } @@ -44,9 +44,12 @@ If you cannot run the Python script, you can re-create your store by dropping the tables in the store and calling createTables() on the store object. -Consumers should now pass an additional parameter to +Consumers should now pass the consumer return_to URL to Auth_OpenID_Consumer::complete() to defend against return_to URL -tampering. +tampering. This has REPLACED the old parameter, $query. $query is +now a second optional parameter. It is STRONGLY RECOMMENDED that you +never override $query, since the OpenID library uses its own logic to +sidestep PHP's broken request-processing code. Summary of API Changes |
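Review bot: The new guard at the top of complete() fires only for truthy non-strings, so `null`, `false`, `0` or an empty array (for example an old-style caller passing an empty query) skip it and reach the rest of the function with no return_to to verify. The NEWS entry in this commit describes the parameter as the defence against return_to tampering, so unless an empty value is deliberately accepted the condition would be safer as `if (!is_string($return_to) || $return_to === '')`. Also, `trigger_error(..., E_USER_ERROR)` stops the request only when no user error handler intercepts it; if an installed handler returns, execution falls through to the `$query === null` branch with the bad argument, so an explicit early return after the call would make the rejection unconditional. The body of complete() continues past the end of the hunk, so how an empty return_to is treated later is not visible here.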