[project @ Update NEWS, add specific error to complete() with query as first parameter]

tailor · tailor · commit 350de628a743 · 2007-11-27T22:22:14.000Z
diff --git a/Auth/OpenID/Consumer.php b/Auth/OpenID/Consumer.php
@@ -401,6 +401,14 @@ function &beginWithoutDiscovery($endpoint, $anonymous=false)
      */
     function complete($return_to, $query=null)
     {
+        if ($return_to && !is_string($return_to)) {
+            // This is ugly, but we need to complain loudly when
+            // someone uses the API incorrectly.
+            trigger_error("return_to must be a string; see NEWS file " .
+                          "for upgrading notes.",
+                          E_USER_ERROR);
+        }
+
         if ($query === null) {
             $query = Auth_OpenID::getQuery();
         }
diff --git a/NEWS b/NEWS
@@ -44,9 +44,12 @@ If you cannot run the Python script, you can re-create your store by
 dropping the tables in the store and calling createTables() on the
 store object.
 
-Consumers should now pass an additional parameter to
+Consumers should now pass the consumer return_to URL to
 Auth_OpenID_Consumer::complete() to defend against return_to URL
-tampering.
+tampering.  This has REPLACED the old parameter, $query.  $query is
+now a second optional parameter.  It is STRONGLY RECOMMENDED that you
+never override $query, since the OpenID library uses its own logic to
+sidestep PHP's broken request-processing code.
 
 
 Summary of API Changes
