diff options
| author | tailor <cygnus@janrain.com> | 2007-04-04 22:44:07 +0000 |
|---|---|---|
| committer | tailor <cygnus@janrain.com> | 2007-04-04 22:44:07 +0000 |
| commit | f53a81c83f27a5d84e998b197b6569e35a12df8b (patch) | |
| tree | e0d0f3accc372f6f045cd3eb7ebf10fecac2691b | |
| parent | 74b60c994d94dc260fc40572b38a4be8afdb3fa6 (diff) | |
| download | php-openid-f53a81c83f27a5d84e998b197b6569e35a12df8b.zip php-openid-f53a81c83f27a5d84e998b197b6569e35a12df8b.tar.gz php-openid-f53a81c83f27a5d84e998b197b6569e35a12df8b.tar.bz2 | |
[project @ Add bytes and toBytes to avoid multibyte string overloading]
| -rw-r--r-- | Auth/OpenID.php | 32 | ||||
| -rw-r--r-- | Auth/OpenID/BigMath.php | 11 | ||||
| -rw-r--r-- | Auth/OpenID/DiffieHellman.php | 3 | ||||
| -rw-r--r-- | Auth/OpenID/FileStore.php | 6 | ||||
| -rw-r--r-- | Auth/OpenID/HMACSHA1.php | 4 | ||||
| -rw-r--r-- | Auth/OpenID/SQLStore.php | 7 | ||||
| -rw-r--r-- | Tests/Auth/OpenID/CryptUtil.php | 7 | ||||
| -rw-r--r-- | examples/detect.php | 2 |
8 files changed, 60 insertions, 12 deletions
diff --git a/Auth/OpenID.php b/Auth/OpenID.php index 354e2db..88124cf 100644 --- a/Auth/OpenID.php +++ b/Auth/OpenID.php @@ -491,6 +491,38 @@ class Auth_OpenID { return intval($value); } + + /** + * Count the number of bytes in a string independently of + * multibyte support conditions. + * + * @param string $str The string of bytes to count. + * @return int The number of bytes in $str. + */ + function bytes($str) + { + return strlen(bin2hex($str)) / 2; + } + + /** + * Get the bytes in a string independently of multibyte support + * conditions. + */ + function toBytes($str) + { + $hex = bin2hex($str); + + if (!$hex) { + return array(); + } + + $b = array(); + for ($i = 0; $i < strlen($hex); $i += 2) { + $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10)); + } + + return $b; + } } ?>
\ No newline at end of file diff --git a/Auth/OpenID/BigMath.php b/Auth/OpenID/BigMath.php index c4c75f6..f8188a3 100644 --- a/Auth/OpenID/BigMath.php +++ b/Auth/OpenID/BigMath.php @@ -21,6 +21,11 @@ require_once 'Auth/OpenID/CryptUtil.php'; /** + * Need Auth_OpenID::bytes(). + */ +require_once 'Auth/OpenID.php'; + +/** * The superclass of all big-integer math implementations * @access private * @package OpenID @@ -145,9 +150,9 @@ class Auth_OpenID_MathLibrary { list($duplicate, $nbytes) = $duplicate_cache[$rbytes]; } else { if ($rbytes[0] == "\x00") { - $nbytes = strlen($rbytes) - 1; + $nbytes = Auth_OpenID::bytes($rbytes) - 1; } else { - $nbytes = strlen($rbytes); + $nbytes = Auth_OpenID::bytes($rbytes); } $mxrand = $this->pow(256, $nbytes); @@ -446,4 +451,4 @@ function &Auth_OpenID_getMathLib() return $lib; } -?>
\ No newline at end of file +?> diff --git a/Auth/OpenID/DiffieHellman.php b/Auth/OpenID/DiffieHellman.php index 0551390..9b99909 100644 --- a/Auth/OpenID/DiffieHellman.php +++ b/Auth/OpenID/DiffieHellman.php @@ -14,6 +14,7 @@ * @license http://www.gnu.org/copyleft/lesser.html LGPL */ +require_once 'Auth/OpenID.php'; require_once 'Auth/OpenID/BigMath.php'; require_once 'Auth/OpenID/HMACSHA1.php'; @@ -123,7 +124,7 @@ class Auth_OpenID_DiffieHellman { $hash_dh_shared = $hash_func($dh_shared_str); $xsecret = ""; - for ($i = 0; $i < strlen($secret); $i++) { + for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) { $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i])); } diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php index acf0dd2..dba0e4d 100644 --- a/Auth/OpenID/FileStore.php +++ b/Auth/OpenID/FileStore.php @@ -560,8 +560,10 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { function _filenameEscape($str) { $filename = ""; - for ($i = 0; $i < strlen($str); $i++) { - $c = $str[$i]; + $b = Auth_OpenID::toBytes($str); + + for ($i = 0; $i < count($b); $i++) { + $c = $b[$i]; if (Auth_OpenID_FileStore::_isFilenameSafe($c)) { $filename .= $c; } else { diff --git a/Auth/OpenID/HMACSHA1.php b/Auth/OpenID/HMACSHA1.php index 928525b..9fc293e 100644 --- a/Auth/OpenID/HMACSHA1.php +++ b/Auth/OpenID/HMACSHA1.php @@ -14,6 +14,8 @@ * @license http://www.gnu.org/copyleft/lesser.html LGPL */ +require_once 'Auth/OpenID.php'; + /** * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback * implementation. @@ -54,7 +56,7 @@ function Auth_OpenID_SHA1($text) */ function Auth_OpenID_HMACSHA1($key, $text) { - if (strlen($key) > Auth_OpenID_SHA1_BLOCKSIZE) { + if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) { $key = Auth_OpenID_SHA1($key, true); } diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php index 5829f18..b71729d 100644 --- a/Auth/OpenID/SQLStore.php +++ b/Auth/OpenID/SQLStore.php @@ -29,6 +29,11 @@ $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; require_once 'Auth/OpenID/Interface.php'; /** + * @access private + */ +require_once 'Auth/OpenID.php'; + +/** * This is the parent class for the SQL stores, which contains the * logic common to all of the SQL stores. * @@ -494,7 +499,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { function _octify($str) { $result = ""; - for ($i = 0; $i < strlen($str); $i++) { + for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) { $ch = substr($str, $i, 1); if ($ch == "\\") { $result .= "\\\\\\\\"; diff --git a/Tests/Auth/OpenID/CryptUtil.php b/Tests/Auth/OpenID/CryptUtil.php index 4970023..00fc037 100644 --- a/Tests/Auth/OpenID/CryptUtil.php +++ b/Tests/Auth/OpenID/CryptUtil.php @@ -14,6 +14,7 @@ */ require_once 'PHPUnit.php'; +require_once 'Auth/OpenID.php'; require_once 'Auth/OpenID/CryptUtil.php'; class Tests_Auth_OpenID_CryptUtil extends PHPUnit_TestCase { @@ -22,7 +23,7 @@ class Tests_Auth_OpenID_CryptUtil extends PHPUnit_TestCase { $cases = array(1, 10, 255); foreach ($cases as $length) { $data = Auth_OpenID_CryptUtil::getBytes($length); - $this->assertEquals(strlen($data), $length); + $this->assertEquals(Auth_OpenID::bytes($data), $length); } } @@ -46,8 +47,8 @@ class Tests_Auth_OpenID_CryptUtil extends PHPUnit_TestCase { $s = Auth_OpenID_CryptUtil::getBytes(32); $t = Auth_OpenID_CryptUtil::getBytes(32); - $this->assertEquals(strlen($s), 32); - $this->assertEquals(strlen($t), 32); + $this->assertEquals(Auth_OpenID::bytes($s), 32); + $this->assertEquals(Auth_OpenID::bytes($t), 32); $this->assertFalse($s == $t); } } diff --git a/examples/detect.php b/examples/detect.php index ed9ef4f..3d06cf6 100644 --- a/examples/detect.php +++ b/examples/detect.php @@ -251,7 +251,7 @@ function detect_random($r, &$out) } if ($f !== false) { - $dataok = (strlen($data) == $numbytes); + $dataok = (Auth_OpenID::bytes($data) == $numbytes); $ok = $dataok && !$size; $msg .= 'It seems to exist '; if ($dataok) { |