Added new version of the openid library to the module.

mmakaay · mmakaay · commit 26ac3aa64c3b · 2012-04-13T03:34:54.000+02:00
diff --git a/include/openid/Auth/OpenID/Association.php b/include/openid/Auth/OpenID/Association.php
@@ -374,7 +374,7 @@ function checkMessageSignature($message)
         }
 
         $calculated_sig = $this->getMessageSignature($message);
-        return $calculated_sig == $sig;
+        return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);
     }
 }
 
diff --git a/include/openid/Auth/OpenID/BigMath.php b/include/openid/Auth/OpenID/BigMath.php
@@ -365,7 +365,6 @@ function Auth_OpenID_detectMathLibrary($exts)
 {
     $loaded = false;
 
-	$hasDl = function_exists('dl');
     foreach ($exts as $extension) {
         if (extension_loaded($extension['extension'])) {
             return $extension;
diff --git a/include/openid/Auth/OpenID/Consumer.php b/include/openid/Auth/OpenID/Consumer.php
@@ -957,6 +957,10 @@ function _idResCheckSignature($message, $server_url)
             }
 
             if (!$assoc->checkMessageSignature($message)) {
+                // If we get a "bad signature" here, it means that the association
+                // is unrecoverabley corrupted in some way. Any futher attempts
+                // to login with this association is likely to fail. Drop it.
+                $this->store->removeAssociation($server_url, $assoc_handle);
                 return new Auth_OpenID_FailureResponse(null,
                                                        "Bad signature");
             }
@@ -1181,7 +1185,7 @@ function _discoverAndVerify($claimed_id, $to_match_endpoints)
         // oidutil.log('Performing discovery on %s' % (claimed_id,))
         list($unused, $services) = call_user_func($this->discoverMethod,
                                                   $claimed_id,
-												  $this->fetcher);
+                                                  &$this->fetcher);
 
         if (!$services) {
             return new Auth_OpenID_FailureResponse(null,
diff --git a/include/openid/Auth/OpenID/CryptUtil.php b/include/openid/Auth/OpenID/CryptUtil.php
@@ -104,5 +104,19 @@ static function randomString($length, $population = null)
 
         return $str;
     }
+
+    static function constEq($s1, $s2)
+    {
+        if (strlen($s1) != strlen($s2)) {
+            return false;
+        }
+
+        $result = true;
+        $length = strlen($s1);
+        for ($i = 0; $i < $length; $i++) {
+            $result &= ($s1[$i] == $s2[$i]);
+        }
+        return $result;
+    }
 }
 
diff --git a/include/openid/Auth/OpenID/HMAC.php b/include/openid/Auth/OpenID/HMAC.php
@@ -60,6 +60,13 @@ function Auth_OpenID_HMACSHA1($key, $text)
         $key = Auth_OpenID_SHA1($key, true);
     }
 
+    if (function_exists('hash_hmac') &&
+        function_exists('hash_algos') &&
+        (in_array('sha1', hash_algos()))) {
+        return hash_hmac('sha1', $text, $key, true);
+    }
+    // Home-made solution
+
     $key = str_pad($key, Auth_OpenID_SHA1_BLOCKSIZE, chr(0x00));
     $ipad = str_repeat(chr(0x36), Auth_OpenID_SHA1_BLOCKSIZE);
     $opad = str_repeat(chr(0x5c), Auth_OpenID_SHA1_BLOCKSIZE);
diff --git a/include/openid/Auth/OpenID/Message.php b/include/openid/Auth/OpenID/Message.php
@@ -684,7 +684,7 @@ function toFormMarkup($action_url, $form_tag_attrs = null,
         foreach ($this->toPostArgs() as $name => $value) {
             $form .= sprintf(
                         "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
-                        $name, $value);
+                        $name, urldecode($value));
         }
 
         $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
diff --git a/include/openid/Auth/OpenID/Parse.php b/include/openid/Auth/OpenID/Parse.php
@@ -227,7 +227,7 @@ function match($regexp, $text, &$match)
         if (!mb_ereg_search($regexp)) {
             return false;
         }
-        list($match) = mb_ereg_search_getregs();
+        $match = mb_ereg_search_getregs();
         return true;
     }
 
@@ -269,7 +269,7 @@ function parseLinkAttrs($html)
 
         // Try to find the <HEAD> tag.
         $head_re = $this->headFind();
-        $head_match = '';
+        $head_match = array();
         if (!$this->match($head_re, $stripped, $head_match)) {
                      ini_set( 'pcre.backtrack_limit', $old_btlimit );
                      return array();
@@ -278,7 +278,7 @@ function parseLinkAttrs($html)
         $link_data = array();
         $link_matches = array();
 
-        if (!preg_match_all($this->_link_find, $head_match[2],
+        if (!preg_match_all($this->_link_find, $head_match[0],
                             $link_matches)) {
             ini_set( 'pcre.backtrack_limit', $old_btlimit );
             return array();
diff --git a/include/openid/Auth/OpenID/Server.php b/include/openid/Auth/OpenID/Server.php
@@ -817,11 +817,11 @@ function equals($other)
      */
     function returnToVerified()
     {
-    	$fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
+        $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
         return call_user_func_array($this->verifyReturnTo,
                                     array($this->trust_root, $this->return_to, $fetcher));
     }
-    
+
     static function fromMessage($message, $server)
     {
         $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');
@@ -1704,7 +1704,7 @@ function handleRequest($request)
     {
         if (method_exists($this, "openid_" . $request->mode)) {
             $handler = array($this, "openid_" . $request->mode);
-            return call_user_func($handler, $request);
+            return call_user_func($handler, &$request);
         }
         return null;
     }
diff --git a/include/openid/Auth/OpenID/TrustRoot.php b/include/openid/Auth/OpenID/TrustRoot.php
@@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,
     }
 
     call_user_func_array($discover_function,
-                         array($relying_party_url, $fetcher));
+                         array($relying_party_url, &$fetcher));
 
     $return_to_urls = array();
     $matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);
diff --git a/include/openid/Auth/Yadis/Manager.php b/include/openid/Auth/Yadis/Manager.php
@@ -413,7 +413,7 @@ function getNextService($discover_cb, $fetcher)
 
             list($yadis_url, $services) = call_user_func($discover_cb,
                                                          $this->url,
-                                                         $fetcher);
+                                                         &$fetcher);
 
             $manager = $this->createManager($services, $yadis_url);
         }
diff --git a/include/openid/Auth/Yadis/ParanoidHTTPFetcher.php b/include/openid/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -129,9 +129,19 @@ function get($url, $extra_headers = null)
             curl_setopt($c, CURLOPT_URL, $url);
 
             if (defined('Auth_OpenID_VERIFY_HOST')) {
-                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+                // is explicitly set, otherwise use system default.
+                if (Auth_OpenID_VERIFY_HOST) {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                    if (defined('Auth_OpenID_CAINFO')) {
+                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                    }
+                } else {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+                }
             }
+
             curl_exec($c);
 
             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -153,6 +163,7 @@ function get($url, $extra_headers = null)
                 curl_close($c);
 
                 if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    Auth_OpenID_VERIFY_HOST == true &&
                     $this->isHTTPS($url)) {
                     Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                                      'curl/get', $url);
@@ -202,8 +213,17 @@ function post($url, $body, $extra_headers = null)
                     array($this, "_writeData"));
 
         if (defined('Auth_OpenID_VERIFY_HOST')) {
-            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+            // is explicitly set, otherwise use system default.
+            if (Auth_OpenID_VERIFY_HOST) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                if (defined('Auth_OpenID_CAINFO')) {
+                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                }
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
         }
 
         curl_exec($c);
@@ -217,7 +237,9 @@ function post($url, $body, $extra_headers = null)
             return null;
         }
 
-        if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+        if (defined('Auth_OpenID_VERIFY_HOST') &&
+            Auth_OpenID_VERIFY_HOST == true &&
+            $this->isHTTPS($url)) {
             Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                              'curl/post', $url);
         }
diff --git a/include/openid/Auth/Yadis/XRDS.php b/include/openid/Auth/Yadis/XRDS.php
@@ -429,7 +429,7 @@ function services($filters = null,
 
                 foreach ($filters as $filter) {
 
-                    if (call_user_func_array($filter, array($service))) {
+                    if (call_user_func_array($filter, array(&$service))) {
                         $matches++;
 
                         if ($filter_mode == SERVICES_YADIS_MATCH_ANY) {
diff --git a/include/openid/Auth/Yadis/Yadis.php b/include/openid/Auth/Yadis/Yadis.php
@@ -141,7 +141,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
     }
 
     $yadis_result = call_user_func_array($discover_func,
-                                         array($input_url, $fetcher));
+                                         array($input_url, &$fetcher));
 
     if ($yadis_result === null) {
         return array($input_url, array());
diff --git a/login_custom_action/openid/action/discover.php b/login_custom_action/openid/action/discover.php
@@ -34,7 +34,7 @@
  *
  * @var array
  */
-// TODO use data from provider eini-files
+// TODO use data from provider ini-files
 $openid_map = array
 (
     // gmail.com e-mail addresses.

Original file line number	Diff line number	Diff line change
`@@ -374,7 +374,7 @@ function checkMessageSignature($message)`
`374`	`374`	`}`
`375`	`375`
`376`	`376`	`$calculated_sig = $this->getMessageSignature($message);`
`377`		`- return $calculated_sig == $sig;`
	`377`	`+ return Auth_OpenID_CryptUtil::constEq($calculated_sig, $sig);`
`378`	`378`	`}`
`379`	`379`	`}`
`380`	`380`
Original file line number	Diff line number	Diff line change
`@@ -365,7 +365,6 @@ function Auth_OpenID_detectMathLibrary($exts)`
`365`	`365`	`{`
`366`	`366`	`$loaded = false;`
`367`	`367`
`368`		`- $hasDl = function_exists('dl');`
`369`	`368`	`foreach ($exts as $extension) {`
`370`	`369`	`if (extension_loaded($extension['extension'])) {`
`371`	`370`	`return $extension;`
Original file line number	Diff line number	Diff line change
`@@ -684,7 +684,7 @@ function toFormMarkup($action_url, $form_tag_attrs = null,`
`684`	`684`	`foreach ($this->toPostArgs() as $name => $value) {`
`685`	`685`	`$form .= sprintf(`
`686`	`686`	`"<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",`
`687`		`- $name, $value);`
	`687`	`+ $name, urldecode($value));`
`688`	`688`	`}`
`689`	`689`
`690`	`690`	`$form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",`
Original file line number	Diff line number	Diff line change
`@@ -817,11 +817,11 @@ function equals($other)`
`817`	`817`	`*/`
`818`	`818`	`function returnToVerified()`
`819`	`819`	`{`
`820`		`- $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();`
	`820`	`+ $fetcher = Auth_Yadis_Yadis::getHTTPFetcher();`
`821`	`821`	`return call_user_func_array($this->verifyReturnTo,`
`822`	`822`	`array($this->trust_root, $this->return_to, $fetcher));`
`823`	`823`	`}`
`824`		`-`
	`824`	`+`
`825`	`825`	`static function fromMessage($message, $server)`
`826`	`826`	`{`
`827`	`827`	`$mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode');`
`@@ -1704,7 +1704,7 @@ function handleRequest($request)`
`1704`	`1704`	`{`
`1705`	`1705`	`if (method_exists($this, "openid_" . $request->mode)) {`
`1706`	`1706`	`$handler = array($this, "openid_" . $request->mode);`
`1707`		`- return call_user_func($handler, $request);`
	`1707`	`+ return call_user_func($handler, &$request);`
`1708`	`1708`	`}`
`1709`	`1709`	`return null;`
`1710`	`1710`	`}`
Original file line number	Diff line number	Diff line change
`@@ -413,7 +413,7 @@ function Auth_OpenID_getAllowedReturnURLs($relying_party_url, $fetcher,`
`413`	`413`	`}`
`414`	`414`
`415`	`415`	`call_user_func_array($discover_function,`
`416`		`- array($relying_party_url, $fetcher));`
	`416`	`+ array($relying_party_url, &$fetcher));`
`417`	`417`
`418`	`418`	`$return_to_urls = array();`
`419`	`419`	`$matching_endpoints = Auth_OpenID_extractReturnURL($endpoints);`
Original file line number	Diff line number	Diff line change
`@@ -413,7 +413,7 @@ function getNextService($discover_cb, $fetcher)`
`413`	`413`
`414`	`414`	`list($yadis_url, $services) = call_user_func($discover_cb,`
`415`	`415`	`$this->url,`
`416`		`- $fetcher);`
	`416`	`+ &$fetcher);`
`417`	`417`
`418`	`418`	`$manager = $this->createManager($services, $yadis_url);`
`419`	`419`	`}`