/** * Gets the query data from the server environment based on the * request method used. If GET was used, this looks at * $_SERVER['QUERY_STRING'] directly. If POST was used, this * fetches data from the special php://input file stream. * * Returns an associative array of the query arguments. * * Skips invalid key/value pairs (i.e. keys with no '=value' * portion). * * Returns an empty array if neither GET nor POST was used, or if * POST was used but php://input cannot be opened. * * See background: * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html * * @access private */ static function getQuery($query_str = null) { $data = array(); if ($query_str !== null) { $data = Auth_OpenID::params_from_string($query_str); } else { if (!array_key_exists('REQUEST_METHOD', $_SERVER)) { // Do nothing. } else { // HACK // // POSTing to a URL with query parameters is acceptable, but // we don't have a clean way to distinguish those parameters // when we need to do things like return_to verification // which only want to look at one kind of parameter. We're // going to emulate the behavior of some other environments // by defaulting to GET and overwriting with POST if POST // data is available. $data = Auth_OpenID::params_from_string($_SERVER['QUERY_STRING']); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $str = file_get_contents('php://input'); if ($str === false) { $post = array(); } else { $post = Auth_OpenID::params_from_string($str); } $data = array_merge($data, $post); } } } return $data; }
protected function decodeQuery($query) { return \Auth_OpenID::params_from_string($query); }