function Auth_OpenID_verifyReturnTo($realm_str, $return_to, &$fetcher, $_vrfy = 'Auth_OpenID_getAllowedReturnURLs') { $disco_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm_str); if ($disco_url === false) { return false; } $allowable_urls = call_user_func_array($_vrfy, array($disco_url, &$fetcher)); // The realm_str could not be parsed. if ($allowable_urls === false) { return false; } if (Auth_OpenID_returnToMatches($allowable_urls, $return_to)) { return true; } else { return false; } }
function test_noMatch() { $r = 'http://example.com/return.to'; $this->assertFalse(Auth_OpenID_returnToMatches(array($r), 'http://example.com/xss_exploit')); }