authortailor <cygnus@janrain.com>2007-10-16 20:40:40 +0000
committertailor <cygnus@janrain.com>2007-10-16 20:40:40 +0000
commit8dc2b6cfc29fb752bdc19ae3a5b57ae3da72a289 (patch)
treef6c870681a3c4d433572931ddee69935fe5189bd /Auth/OpenID
parent4f881d41750bed0df9951a4c12f4c97a8c3833dc (diff)
[project @ r300: update_url must match openid.realm]
Diffstat (limited to 'Auth/OpenID')
-rw-r--r--Auth/OpenID/AX.php21
1 files changed, 21 insertions, 0 deletions
diff --git a/Auth/OpenID/AX.php b/Auth/OpenID/AX.php
index a919b26..aeb9f15 100644
--- a/Auth/OpenID/AX.php
+++ b/Auth/OpenID/AX.php
@@ -7,6 +7,7 @@
require_once "Auth/OpenID/Extension.php";
require_once "Auth/OpenID/Message.php";
+require_once "Auth/OpenID/TrustRoot.php";
define('Auth_OpenID_AX_NS_URI',
'http://openid.net/srv/ax/1.0');
@@ -347,6 +348,26 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
return $result;
}
+ if ($obj->update_url) {
+ // Update URL must match the openid.realm of the
+ // underlying OpenID 2 message.
+ $realm = $message->getArg(Auth_OpenID_OPENID_NS, 'realm',
+ $message->getArg(
+ Auth_OpenID_OPENID_NS,
+ 'return_to'));
+
+ if (!$realm) {
+ $obj = new Auth_OpenID_AX_Error(
+ sprintf("Cannot validate update_url %s " .
+ "against absent realm", $obj->update_url));
+ } else if (!Auth_OpenID_TrustRoot::match($realm,
+ $obj->update_url)) {
+ $obj = new Auth_OpenID_AX_Error(
+ sprintf("Update URL %s failed validation against realm %s",
+ $obj->update_url, $realm));
+ }
+ }
+
return $obj;
}
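Review bot: The `Auth_OpenID_TrustRoot::match($realm, $obj->update_url)` check is only as strict as the realm it compares against, and both values come from the same incoming message. When `realm` is absent it is taken from `return_to`, and nothing in this hunk rejects an over-broad wildcard realm before it is used as the yardstick. Unless the realm is vetted earlier in request handling (not visible here; the enclosing method starts before this hunk), the failing branch could read `} else if (!Auth_OpenID_TrustRoot::isSane($realm) || !Auth_OpenID_TrustRoot::match($realm, $obj->update_url)) {`. Otherwise the comment should say where that vetting happens. Both error strings also embed the request-supplied `update_url` and `realm` verbatim, so whatever renders an `Auth_OpenID_AX_Error` message has to escape it for its output context.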