authortailor <cygnus@janrain.com>2006-03-20 21:52:42 +0000
committertailor <cygnus@janrain.com>2006-03-20 21:52:42 +0000
commit88bd7078bef36b9448353441d951590b87de423a (patch)
treeaddd7c92ceebded3393f4e9cbe2b6e491e549e26
parent4b784cbb85ef8e47061d1c9bd4b716ac95c5cdb3 (diff)
[project @ Fixed double-port trust root sanity check]
-rw-r--r--Auth/OpenID/TrustRoot.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/Auth/OpenID/TrustRoot.php b/Auth/OpenID/TrustRoot.php
index 72fa902..88eff29 100644
--- a/Auth/OpenID/TrustRoot.php
+++ b/Auth/OpenID/TrustRoot.php
@@ -65,6 +65,12 @@ class Auth_OpenID_TrustRoot {
return false;
}
+ // Return false if the original trust root value has more than
+ // one port specification.
+ if (preg_match("/:\/\/[^:]+(:\d+){2,}(\/|$)/", $trust_root)) {
+ return false;
+ }
+
$scheme = strtolower($parts['scheme']);
$allowed_schemes = array('http', 'https');
if (!in_array($scheme, $allowed_schemes)) {
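Review bot: The added `preg_match` runs on the raw `$trust_root` with an unanchored pattern whose host part is `[^:]+` and whose terminator is only `/` or `$`, so a doubled port is missed when the authority ends at `?` or `#` or carries a `user:pass@` prefix, and `$` also accepts a trailing newline. Because the trust root is what the later scheme and host checks are validating, the pattern should be anchored to the authority, for example `if (preg_match('/^[^:]+:\/\/[^\/?#]*(:\d+){2,}([\/?#]|$)/D', $trust_root)) {`. The comment could also say why the raw string is tested rather than `$parts` (presumably the parsed result no longer shows the second port). The enclosing method starts and ends outside this hunk, so whether later checks already reject these forms cannot be confirmed from here.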
@@ -92,6 +98,7 @@ class Auth_OpenID_TrustRoot {
if (strpos($host, ':') !== false) {
return false;
}
+
$parts['host'] = $host;
if (isset($parts['path'])) {