Commit message | Author | Age | Files | Lines
* #130: PHP 7 compatibility (fixes #129) [HEAD, origin/master, origin/HEAD, master] | Oleksandr Zahorulia | 2016-09-30 | 52 | -142/+151
|
* version bump [2.3.0] | Marco Ceppi | 2015-07-30 | 1 | -1/+1
|
* Merge pull request #126 from marcoceppi/fix-124 | Marco Ceppi | 2015-07-30 | 1 | -2/+2
|\
| |   Fix DB requirement in README fixes #124
| * Fix DB requirement in README fixes #124 | Marco Ceppi | 2015-07-30 | 1 | -2/+2
|/
* Merge pull request #125 from marcoceppi/CVE-2014-8150 | Marco Ceppi | 2015-07-30 | 1 | -1/+11
|\
| |   Fixes CVE-2014-8150
| * Fixes CVE-2014-8150 | Marco Ceppi | 2015-07-30 | 1 | -1/+11
|/
|   Thanks for reporting and patching this Andrey!
* Merge pull request #122 from brownl/loop-over-dir-properly | Marco Ceppi | 2015-01-05 | 1 | -1/+1
|\
| |   loop over directories "the right way"
| * loop over directories "the right way" | Lawrence Brown | 2015-01-03 | 1 | -1/+1
|/
|   See http://php.net/manual/en/function.readdir.php - specifically
|
|   /* This is the correct way to loop over the directory. */
|   while (false !== ($entry = readdir($handle))) {
|       echo "$entry\n";
|   }
|
|   /* This is the WRONG way to loop over the directory. */
|   while ($entry = readdir($handle)) {
|       echo "$entry\n";
|   }
|
|   Looping over a directory the wrong way will cause the loop to stop if it
|   comes to a directory named 0 (or anything else which evaluates to false)
* Merge pull request #121 from drmalex07/master | Marco Ceppi | 2014-04-23 | 1 | -4/+7
|\
| |   Provide several modifications on the PredisStore implementation.
| * Provide several modifications on the PredisStore implementation. | drmalex07 | 2014-03-11 | 1 | -4/+7
|/
|   - Fixed some typos
|   - Fixed the way an association is retrieved from the store (getAssociation()).
|     The existing implementation was popping (LPOP) from a list, causing unneeded
|     re-associations. If we need to discard stale association handles, I think we
|     should rather set the appropriate expiry intervals.
* Merge pull request #115 from marcoceppi/warn-when-person-is-doing-harm | Marco Ceppi | 2014-02-13 | 1 | -2/+7
|\
| |   Add warning when you disable SSL, don't be silly please
| * Add warning when you disable SSL, don't be silly please | Marco Ceppi | 2014-01-22 | 1 | -2/+7
| |
* | Merge pull request #117 from marcoceppi/xml-sad-face | Marco Ceppi | 2014-01-23 | 1 | -3/+7
|\ \
| |/
|/|   Reject OpenID XML responses with a doctype
| * Reject OpenID XML responses with a doctype CVE-2012-4554 | Marco Ceppi | 2014-01-23 | 1 | -0/+4
| |
| * Clean up | Marco Ceppi | 2014-01-23 | 1 | -3/+3
|/
* Merge pull request #113 from thanhhh/master | Marco Ceppi | 2014-01-20 | 1 | -1/+5
|\
| |   Add Auth_OpenID_DISABLE_SSL_VERIFY opt to disable SSL verify
| * Remove wasted white space for #113 | ThanhHH | 2014-01-16 | 1 | -2/+2
| |
| * Add Auth_OpenID_DISABLE_SSL_VERIFY opt to disable SSL verify | ThanhHH | 2014-01-09 | 1 | -3/+7
| |
* | Merge pull request #114 from AdamWill/entity_decode | Marco Ceppi | 2014-01-09 | 1 | -24/+1
|\ \
| | |   Yadis: drop custom replaceEntities() function and use html_entity_decode
| * | Yadis: drop custom replaceEntities() function and use html_entity_decode | Adam Williamson | 2014-01-09 | 1 | -24/+1
|/ /
| |   Yadis' ParseHTML.php has a replaceEntities() function for replacing HTML
| |   entities, with a comment that appears to explain its existence by stating
| |   "Replace numeric entities because html_entity_decode doesn't do it for us".
| |
| |   This is breaking with PHP 5.5 because it uses the deprecated /e modifier for
| |   preg_replace() - https://github.com/openid/php-openid/issues/108 .
| |
| |   I think this custom function is no longer needed at least with PHP 5. PHP 5
| |   has had support for replacing numeric entities since 2003, and its entity
| |   handling code has been refined quite a lot since then.
| |
| |   replaceEntities() has been there since 2006, and probably earlier. I guess at
| |   that time PHP 4 compatibility was still important so this was needed - I
| |   don't think PHP 4's html_entity_decode() has ever had numeric entity support -
| |   but now PHP 5 is a decade old and there's a separate PHP 4 branch of
| |   php-openid, I think we can ditch replaceEntities() in the main branch!
* | Merge pull request #100 from fredden/patch-1 | Marco Ceppi | 2014-01-09 | 1 | -1/+1
|\ \
| | |   Improves open_basedir detection
| * | Improves open_basedir detection | Dan Wallis | 2013-05-27 | 1 | -1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fredden@gordo:/tmp/php-openid/examples$ php detect.php | grep -C1 basedir If you are using a filesystem-based store or SQLite, be aware that open_basedir <http://www.php.net/manual/en/features.safe-mode.php#ini.open-basedir> is in effect. This means that your data will have to be stored in one of the fredden@gordo:/tmp/php-openid/examples$ php -i | grep basedir open_basedir => no value => no value fredden@gordo:/tmp/php-openid/examples$ vi detect.php fredden@gordo:/tmp/php-openid/examples$ php detect.php | grep basedir The *open_basedir* configuration restriction is not in effect. fredden@gordo:/tmp/php-openid/examples$ git diff detect.php diff --git a/examples/detect.php b/examples/detect.php index 9c59db3..90e3995 100644 --- a/examples/detect.php +++ b/examples/detect.php @@ -352,7 +352,7 @@ function detect_stores($r, &$out) } $basedir_str = ini_get('open_basedir'); - if (gettype($basedir_str) == 'string') { + if (gettype($basedir_str) == 'string' && $basedir_str) { $url = 'http://www.php.net/manual/en/features.safe-mode.php' . '#ini.open-basedir'; $lnk = $r->link($url, 'open_basedir'); fredden@gordo:/tmp/php-openid/examples$
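Review bot: in detect_stores(), the added `&& $basedir_str` is a truthiness test, so an open_basedir value of "0" (a non-empty string that PHP evaluates as false) would be reported as not in effect. An explicit comparison such as `is_string($basedir_str) && $basedir_str !== ''` keeps the fix for the empty "no value" case shown in the session above without that edge case.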
* | | Merge pull request #111 from stutiredboy/master | Marco Ceppi | 2014-01-09 | 1 | -0/+3
|\ \ \
| |_|/
|/| |   Update Consumer.php for Auth_OpenID_DumbStore
| * | Update Consumer.php | stutiredboy | 2013-12-17 | 1 | -0/+3
| | |   ```
| | |   $this->_use_assocs = (is_null($this->store) ? false : true);
| | |   ```
| | |   always return true, even the store is Auth_OpenID_DumbStore, and do an
| | |   association with the OpenID Server. but OpenID Server will reject the
| | |   check_authentication, if RP have do an association.
* | | Merge pull request #94 from etienneq/pass-by-reference-fix | Marco Ceppi | 2013-12-17 | 5 | -14/+14
|\ \ \
| |/ /
|/| |   issue #8 fix (PHP 5.4 call-time pass-by-reference removed)
| * | Call-time pass-by-reference fix | Etienne Quiel | 2013-04-09 | 5 | -14/+14
| | |
* | | Merge pull request #109 from chuckpearce/master | Marco Ceppi | 2013-10-03 | 1 | -1/+1
|\ \ \
| | | |   Changed gist location as the current was returning 404, new Hello World!...
| * | | Changed gist location as the current was returning 404, new Hello World! ↵ | editing on sandpit | 2013-10-03 | 1 | -1/+1
|/ / /
| | |   gist created
* | | Merge pull request #105 from vmattila/predis-store | Marco Ceppi | 2013-09-03 | 1 | -2/+2
|\ \ \
| | | |   Fixed wrong expiration command (expiresat -> expireat)
| * | | Fixed wrong expiration command (expiresat -> expireat) | Ville Mattila | 2013-09-02 | 1 | -2/+2
| | | |
* | | | correction for PHP < 5.2.11 | nao-pon | 2013-08-25 | 1 | -6/+11
| | | |   libxml_disable_entity_loader (PHP 5 >= 5.2.11)
* | | | Merge pull request #103 from vmattila/predis-store | Marco Ceppi | 2013-08-17 | 1 | -0/+208
|\ \ \ \
| |/ / /
| | | |   Implemented PredisStore to provide association store for Redis servers.
| * | | Implemented PredisStore to provide association store for Redis servers. | Ville Mattila | 2013-08-13 | 1 | -0/+208
| | |/
| |/|
* | | disable external XML entities and libxml errors | Will Norris | 2013-08-11 | 1 | -1/+8
|/ /
| |   thanks to Kousuke Ebihara for the report and patch.
* | Merge pull request #99 from DavidMikeSimon/master | Marco Ceppi | 2013-05-21 | 2 | -14/+14
|\ \
| | |   PEAR and strict mode issues
| * | Prevent errors in strict mode due to weird PEAR static method declarations | David Simon | 2013-05-21 | 2 | -14/+14
|/ /
* | Merge pull request #97 from Jannie/master | Marco Ceppi | 2013-05-08 | 1 | -3/+8
|\ \
| | |   Pass request data to fix AX. Fixes #54.
| * | Fixes #54. Pass request data to fix AX. | Evgeniya Patuk | 2013-05-08 | 1 | -3/+8
|/ /
| |   AX fetch response is created based on AX fetch request data.
| |   Need to pass the $request to the Auth_OpenID_AX_FetchResponse
| |   getExtensionArgs method.
* | Merge pull request #96 from etienneq/zero_filesize_bug | Marco Ceppi | 2013-05-06 | 1 | -1/+10
|\ \
| | |   Separate file_exists() and filesize() checks to avoid fread and filesize error
| * | included more checks for file access errors | Etienne Quiel | 2013-05-06 | 1 | -1/+10
|/ /
* | Merge pull request #95 from DavidMikeSimon/master | Marco Ceppi | 2013-04-25 | 2 | -0/+25
|\ \
| |/
|/|   Added composer support
| * Added composer.json | David Simon | 2013-04-25 | 2 | -0/+25
|/
* Merge pull request #91 from henrrrik/patch-1 | Marco Ceppi | 2013-03-08 | 1 | -1/+1
|\
| |   If $_SESSION isn't set, don't trigger a PHP notice.
| * Better to use isset() in case it doesn't exist. | Henrik Sjökvist | 2013-02-21 | 1 | -1/+1
| |
| * If $_SESSION isn't set, don't trigger a PHP notice. | Henrik Sjökvist | 2013-02-20 | 1 | -1/+1
|/
* Merge pull request #83 from UNINETT/master | Marco Ceppi | 2012-12-21 | 5 | -17/+17
|\
| |   Fix encoding errors in some POST forms + fix example server
| * Clean up reference assignment of objects. | Olav Morken | 2012-10-19 | 4 | -14/+14
| |   Since all objects are passed by reference in PHP 5, assigning them by
| |   reference does not make sense, and in some cases causes warnings.
| * Properly escape form output data. | Olav Morken | 2012-10-19 | 1 | -3/+3
| |   Since this data is inserted as strings in HTML documents, we should call
| |   htmlspecialchars() to protect against any values containing special
| |   characters, e.g. '"' or '&'.
| * Revert "1. Added urldecoding POST form values (browser will encode them if ↵ | Olav Morken | 2012-10-19 | 1 | -1/+1
| |   needed)."
| |
| |   Since the message values are not URL encoded, calling urldecode() on them
| |   does not make sense. Instead, it breaks any OpenID parameter containing
| |   anything that looks like URL encoding.
| |
| |   This reverts commit 8d53dfe542f321da3a6e6d6e626923d575ed91d2.
* | Merge pull request #61 from JonTheNiceGuy/removelogging | Marco Ceppi | 2012-12-21 | 1 | -7/+0
|\ \
| | |   Removed logging calls for a successful retrieval, as the PlainHTTPFetcher
| | |   doesn't perform logging on a successful commit.
| * | Removed logging calls for a successful retrieval, as the PlainHTTPFetcher ↵ | Jon "The Nice Guy" Spriggs | 2011-10-05 | 1 | -7/+0
| | |   doesn't perform logging on a successful commit.
* | | Merge pull request #84 from pixnet/master | Marco Ceppi | 2012-10-25 | 1 | -1/+7
|\ \ \
| |_|/
|/| |   Set proxy options only if Auth_OpenID_HTTP_PROXY is explicitly set
| * | Set proxy options only if Auth_OpenID_HTTP_PROXY is explicitly set | itsour | 2012-10-25 | 1 | -1/+7
|/ /
* | Merge pull request #78 from rodrigosprimo/master | Marco Ceppi | 2012-10-11 | 1 | -1/+5
|\ \
| | |   Fixed issue #32
| * | Fixing issue #32 : https://github.com/openid/php-openid/issues/32 | Rodrigo Primo | 2012-10-11 | 1 | -1/+5
|/ /
* | Merge pull request #75 from cakebaker/bugfix-invalid-return-value | Marco Ceppi | 2012-08-14 | 1 | -1/+5
|\ \
| | |   Fixing "preg_match_all() expects parameter 2 to be string, array given" error
| * | Return string instead of array | Daniel Hofstetter | 2012-08-14 | 1 | -1/+5
|/ /
* | Merge pull request #74 from vmattila/master | Marco Ceppi | 2012-08-10 | 1 | -1/+1
|\ \
| | |   Fixed one deprecated runtime call-by-reference from Server.php (line 1707)
| * | Removed one deprecated runtime call-by-reference | Ville Mattila | 2012-08-09 | 1 | -1/+1
|/ /
* | Merge pull request #41 from cakebaker/master | Marco Ceppi | 2012-07-31 | 1 | -1/+1
|\ \
| | |   Changing datatype of the server_url column from blob to varchar
| * | Using varchar(2047) instead of blob for server_url column | Daniel Hofstetter | 2010-12-15 | 1 | -1/+1
| | |
* | | Merge pull request #70 from arnaud-lb/fix-call-time-pass-by-ref | Marco Ceppi | 2012-07-31 | 3 | -7/+11
|\ \ \
| | | |   Remove call-time pass-by-reference
| * | | fixed call-time pass-by-reference | Arnaud Le Blanc | 2012-03-04 | 3 | -7/+11
|/ / /
* | | Merge pull request #47 from starsquare/master | Will Norris | 2012-01-02 | 4 | -19/+19
|\ \ \
| | | |   Fix for all dl() cases and short_open_tag
| | | |
| | | |   I'm pretty sure we should remove the dl() calls entirely, since it is no
| | | |   longer present in PHP 5.3, but going ahead and merging this as-is for now.
| * | | fix for rest of dl() calls, also avoid ini_set() as may not work on safe_mode | Chris Buckley | 2011-05-03 | 3 | -5/+5
| | | |
| * | | fix for short_open_tag = 0 | Chris Buckley | 2011-05-03 | 1 | -14/+14
| | |/
| |/|
* | | Merge pull request #59 from staktrace/fix-detect | Will Norris | 2012-01-02 | 1 | -2/+2
|\ \ \
| | | |   Fix detect
| * | | Update the URL used for HTTPFetch testing now that github's behaviour has ↵ | Kartikaya Gupta | 2011-10-02 | 1 | -1/+1
| | | |   changed and they do some redirects. This makes the test pass again
| * | | Remove angle brackets from around a URL, since if the output is in text/html ↵ | Kartikaya Gupta | 2011-10-02 | 1 | -1/+1
| |/ /
| | |   format the URL doesn't get printed.
* | | Merge pull request #65 from pwaring/master | Will Norris | 2012-01-02 | 1 | -1/+1
|\ \ \
| | | |   Fix minor typo
| * | | Fix minor spelling error. | Paul Waring | 2011-11-09 | 1 | -1/+1
| |/ /
* | | allow custom CA certs to be used to verify hosts | Will Norris | 2012-01-02 | 1 | -0/+6
| | |   partially fixes #38
* | | restructure Auth_OpenID_VERIFY_HOST logic | Will Norris | 2012-01-02 | 1 | -24/+19
| | |   make it a little more readable and obvious what we're doing here
* | | In response to Issue 38 and issue 51, this patch allows forcing host ↵ | Jon "The Nice Guy" Spriggs | 2011-10-05 | 1 | -3/+24
|/ /
| |   verification on and off, or leaving the defaults as-is.
* | Merge branch 'master' of https://github.com/adrianlang/php-openid into ↵ | Will Norris | 2011-01-19 | 4 | -3/+9
|\ \
| | |   adrianlang-master
| * | Improve PHP 5 compliance | Adrian Lang | 2010-10-08 | 4 | -3/+9
| |/
* | Made some hardcoded tmp paths dynamic by using sys_get_temp_dir. If function ↵ | Philipp Söhnlein | 2011-01-16 | 2 | -10/+33
|/
|   is not available the old mechanisms are used.
* Patching issue 17 (http://github.com/openid/php-openid/issues/#issue/17) | JonTheNiceGuy | 2010-07-21 | 1 | -1/+5
|   This was also logged previously as Trac ticket 356
|   This patch was submitted at the time by https://me.yahoo.com/doulepov
* fixed Parse::match() returning different types and cleaned call-by-ref warnings | Tim Preston | 2010-07-20 | 3 | -5/+5
|   Auth/OpenID/Parse.php
|   The match() function takes a reference parameter $match and, depending on
|   execution flow, either returns that as an array or a string. This has been
|   modified to now return an array in both cases.
|
|   Auth/OpenID/Consumer.php
|   Auth/Yadis/Manager.php
|   Fixed two function calls with explicit call-by-reference parameters.
* Fixed warnings in try_auth.php, consumer.php. Fixed reference to ↵ | long | 2010-07-20 | 3 | -5/+10
|   openid-enabled.com in detect.php
* 1. Removed assigning by reference new operator result (E_DEPRECATED). | Shein Alexey | 2010-07-20 | 1 | -2/+1
|
* 1. Added urldecoding POST form values (browser will encode them if needed). | Shein Alexey | 2010-07-20 | 1 | -1/+1
|
* 1. Added dl() existence checking. | Shein Alexey | 2010-07-20 | 1 | -6/+6
|   2. Fixed a notice with absent $_GET parameter.
* callback requires 3 parameters, not 2. fixes issue#1 from ↵ | Alexey Zakhlestin | 2010-07-20 | 1 | -1/+1
|   github.com/openid/php-openid branch
* no need for reference here, as php-5.x already treats all objects as ↵ | Alexey Zakhlestin | 2010-07-20 | 1 | -1/+1
|   pseudo-references
* Use constant-time comparison of signatures to mitigate timing attacks | Carl Howells | 2010-07-20 | 2 | -1/+15
|
* update file permissions | Carl Howells | 2010-07-20 | 12 | -0/+0
|
* Updating version [2.2.2] | Lilli | 2010-04-29 | 1 | -1/+1
|
* Fixing issue opened by jhr with patch found on bugs.debian.orgs: "A Debian ↵ | Lilli | 2010-04-29 | 1 | -1/+1
|   user reported that the regular expression in Auth/OpenID/Parse.php is too
|   greedy to cope with big pages. A simple fix is to make .? to . See
|   http://bugs.debian.org/535479 for more info."
* Updated version [2.2.1] | Lilli | 2010-04-28 | 1 | -1/+1
|
* Merge branch 'master' of github.com:openid/php-openid | Lilli | 2010-04-28 | 2 | -14/+14
|\
| * form should autosubmit. fixes issue#2 from github.com/openid/php-openid branch | Alexey Zakhlestin | 2010-04-29 | 1 | -1/+1
| |
| * fix mb_ereg warning | Alexey Zakhlestin | 2010-04-29 | 1 | -11/+11
| |
| * fix typo | Alexey Zakhlestin | 2010-04-29 | 1 | -2/+2
| |
* | Manually added indeyet's commit because it was failing: 'no need for ↵ | Lilli | 2010-04-28 | 1 | -1/+1
|/
|   reference here, as php-5.x already treats all objects as pseudo-references'
* Merge branch 'master' of github.com:openid/php-openid | Lilli | 2010-04-28 | 3 | -15/+3
|\
| * Don't throw error when received arg count is unlimited | Anthony BRETAUDEAU | 2010-04-29 | 1 | -1/+1
| |
| * As written in doc, don't erase signed args when some of the args are unsigned | Anthony BRETAUDEAU | 2010-04-29 | 1 | -1/+1
| |
| * SQLStore: use is_subclass_of to determine if we have a PEAR instance. | Daniel Hahler | 2010-04-29 | 1 | -13/+1
| |   This prevents a blank page with no error indication at all, if there
| |   appears to happen a fatal error when trying to require DB.php from the
| |   global include path (very bad practice!)
| |
| |   Instead, using is_subclass_of should be enough, especially when using an
| |   own implementation.
* | Added ccazette/indeyet's change to function returnToVerified() manually as ↵ | Lilli | 2010-04-28 | 1 | -2/+3
| |   the commit was failing when I tried to pull the change. This fixes the
| |   issue opened by ccazette: 'In Server.php, this function calls the
| |   Auth_OpenID_verifyReturnTo() function from TrustRoot.php, which takes 3
| |   arguments, but only 2 are given in call_user_func_array.'