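/**
 * Parse a URL into its trust_root parts.
 *
 * The input is normalized with Auth_OpenID_urinorm() and split with
 * parse_url(). Every validation failure returns false, so callers can
 * treat false as "not a usable trust root".
 *
 * Accepted shape: an http or https scheme, a host, no user, password or
 * fragment, and at most one "*" wildcard, which must be the first
 * character of the host and be followed by "." or by nothing.
 *
 * @static
 *
 * @access private
 *
 * @param string $trust_root The url to parse
 *
 * @return mixed $parsed Either an associative array of trust root
 * parts or false if parsing failed. On success the array holds the
 * parse_url() parts with a lower-cased 'scheme', 'host' and 'path'
 * ('/' when absent), plus 'wildcard' (bool), 'port' (false when absent)
 * and 'unparsed' (the normalized URL). For a wildcard root, 'host' is
 * the text that followed the "*".
 */
function _parse($trust_root)
{
    $trust_root = Auth_OpenID_urinorm($trust_root);
    if ($trust_root === null) {
        return false;
    }

    // Reject an authority that carries two or more ":digits" groups.
    if (preg_match("/:\\/\\/[^:]+(:\\d+){2,}(\\/|\$)/", $trust_root)) {
        return false;
    }

    // parse_url() warnings are suppressed; a false result is handled below.
    $parts = @parse_url($trust_root);
    if ($parts === false) {
        return false;
    }

    // Test each key directly rather than comparing array_intersect()
    // output, which only matched because of parse_url()'s key order.
    foreach (array('scheme', 'host') as $required) {
        if (!isset($parts[$required])) {
            return false;
        }
    }

    // A trust root must not carry userinfo or a fragment.
    foreach (array('user', 'pass', 'fragment') as $forbidden) {
        if (isset($parts[$forbidden])) {
            return false;
        }
    }

    if (!preg_match(Auth_OpenID___HostSegmentRe, $parts['host'])) {
        return false;
    }

    $scheme = strtolower($parts['scheme']);
    $allowed_schemes = array('http', 'https');
    if (!in_array($scheme, $allowed_schemes, true)) {
        return false;
    }
    $parts['scheme'] = $scheme;

    $host = strtolower($parts['host']);
    $hostparts = explode('*', $host);
    switch (count($hostparts)) {
    case 1:
        $parts['wildcard'] = false;
        break;
    case 2:
        // Compare against '' explicitly: PHP treats the string "0" as
        // false, so a truthiness test would let a "0" on either side of
        // the "*" slip past this check and be accepted as a wildcard.
        if ($hostparts[0] !== '' ||
            ($hostparts[1] !== '' && substr($hostparts[1], 0, 1) !== '.')) {
            return false;
        }
        $host = $hostparts[1];
        $parts['wildcard'] = true;
        break;
    default:
        // More than one "*" in the host.
        return false;
    }

    if (strpos($host, ':') !== false) {
        return false;
    }
    $parts['host'] = $host;

    if (isset($parts['path'])) {
        $path = strtolower($parts['path']);
        if (substr($path, 0, 1) !== '/') {
            return false;
        }
    } else {
        $path = '/';
    }
    $parts['path'] = $path;

    if (!isset($parts['port'])) {
        $parts['port'] = false;
    }

    $parts['unparsed'] = $trust_root;

    return $parts;
}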
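/**
 * Check an OpenID message and its openid.return_to value against a
 * return_to URL from an application.
 *
 * The message's return_to arguments are first checked with
 * _verifyReturnToArgs(). Both URLs are then normalized with
 * Auth_OpenID_urinorm() and their scheme, host, port and path are
 * compared strictly. Any URL that cannot be normalized or parsed makes
 * the check fail.
 *
 * @access private
 *
 * @param object $message   Message providing toPostArgs() and getArg().
 * @param string $return_to The return_to URL supplied by the application.
 *
 * @return bool True on success, false on failure.
 */
function _checkReturnTo($message, $return_to)
{
    // Check the openid.return_to args against args in the
    // original message.
    $result = Auth_OpenID_GenericConsumer::_verifyReturnToArgs(
        $message->toPostArgs());
    if (Auth_OpenID::isFailure($result)) {
        return false;
    }

    // Check the return_to base URL against the one in the
    // message.
    $msg_return_to = $message->getArg(Auth_OpenID_OPENID_NS, 'return_to');

    // NOTE(review): this tests the application's $return_to, not the
    // $msg_return_to read just above -- confirm that is intended.
    if (Auth_OpenID::isFailure($return_to)) {
        // XXX log me
        return false;
    }

    // Fail closed when the message carries no usable return_to string
    // instead of passing a non-string on to the normalizer.
    if (!is_string($msg_return_to)) {
        return false;
    }

    $normalized = Auth_OpenID_urinorm($return_to);
    $msg_normalized = Auth_OpenID_urinorm($msg_return_to);
    if ($normalized === null || $msg_normalized === null) {
        return false;
    }

    $return_to_parts = parse_url($normalized);
    $msg_return_to_parts = parse_url($msg_normalized);

    // parse_url() returns false for seriously malformed URLs; reject
    // explicitly rather than indexing into a non-array below.
    if (!is_array($return_to_parts) || !is_array($msg_return_to_parts)) {
        return false;
    }

    // If port is absent from both, add it so it's equal in the
    // check below.
    if (!array_key_exists('port', $return_to_parts) &&
        !array_key_exists('port', $msg_return_to_parts)) {
        $return_to_parts['port'] = null;
        $msg_return_to_parts['port'] = null;
    }

    // If path is absent from both, add it so it's equal in the
    // check below.
    if (!array_key_exists('path', $return_to_parts) &&
        !array_key_exists('path', $msg_return_to_parts)) {
        $return_to_parts['path'] = null;
        $msg_return_to_parts['path'] = null;
    }

    // The URL scheme, authority, and path MUST be the same
    // between the two URLs. The query is not compared in this loop.
    foreach (array('scheme', 'host', 'port', 'path') as $component) {
        // If the url component is absent in either URL, fail.
        // A component present on only one side is a mismatch.
        if (!array_key_exists($component, $return_to_parts) ||
            !array_key_exists($component, $msg_return_to_parts)) {
            return false;
        }

        if (Auth_OpenID::arrayGet($return_to_parts, $component) !==
            Auth_OpenID::arrayGet($msg_return_to_parts, $component)) {
            return false;
        }
    }

    return true;
}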
/**
 * Normalize the fixture URI and assert that the result equals the
 * expected value stored on this test case.
 */
function runTest()
{
    $this->assertEquals(
        $this->expected,
        Auth_OpenID_urinorm($this->uri)
    );
}
/**
 * Normalize a URL, prefixing "http://" when the input does not parse
 * with both a scheme and a host, and strip any fragment.
 *
 * When scheme and host are both present, only http and https are
 * accepted. An input that parses with a scheme but no host takes the
 * prefix branch as well; whether it is then rejected depends on
 * Auth_OpenID_urinorm().
 *
 * @access private
 * @param string $url The URL to be normalized.
 * @return mixed $new_url The normalized URL without its fragment, or
 * null if $url could not be parsed or normalized.
 */
static function normalizeUrl($url)
{
    // Warnings from parse_url() are suppressed; failure is handled here.
    $pieces = @parse_url($url);
    if (!$pieces) {
        return null;
    }

    $has_scheme_and_host = isset($pieces['scheme']) && isset($pieces['host']);
    if (!$has_scheme_and_host) {
        // Treat the input as scheme-less and assume plain HTTP.
        $url = 'http://' . $url;
    } else {
        $lowered = strtolower($pieces['scheme']);
        if ($lowered !== 'http' && $lowered !== 'https') {
            return null;
        }
    }

    $canonical = Auth_OpenID_urinorm($url);
    if ($canonical === null) {
        return null;
    }

    // Only the part before the fragment is returned.
    list($without_fragment) = Auth_OpenID::urldefrag($canonical);

    return $without_fragment;
}
/**
 * Validate an OpenID identity URL through the bundled SimpleOpenID class.
 *
 * Loads the URI normalizer, checks that the member module has OpenID
 * enabled, then normalizes $openid, sets it as the identity and stores
 * the outcome of ValidateWithServer() on the returned object.
 *
 * The included files run in this method's local scope, so the local
 * variable names below are visible to them.
 *
 * @param string $openid Identity URL to validate.
 * @return SimpleOpenID Context object with validation_result set.
 */
function doOpenIDValidate($openid)
{
    // use the JanRain php-openid library
    require_once $this->module_path . 'php-openid-1.2.3/Auth/OpenID/URINorm.php';

    $oModuleModel =& getModel('module');
    $config = $oModuleModel->getModuleConfig('member');
    if ($config->enable_openid != 'Y') {
        // NOTE(review): nothing returns here; whether execution continues
        // past stop() depends on its implementation -- confirm it halts
        // the request, otherwise validation still runs with OpenID off.
        $this->stop('msg_invalid_request');
    }

    // Buffer any output produced while the libraries load and run.
    ob_start();
    require $this->module_path . 'openid_lib/class.openid.php';
    require_once $this->module_path . 'openid_lib/libcurlemu.inc.php';

    $openid_ctx = new SimpleOpenID();
    // NOTE(review): the normalizer's result is passed on unchecked;
    // presumably it is null for input it cannot normalize -- confirm how
    // SetIdentity() handles that.
    $openid_ctx->SetIdentity(Auth_OpenID_urinorm($openid));
    // NOTE(review): presumably this contacts the server behind the
    // identity URL -- confirm. If so, a caller-chosen URL drives an
    // outbound request from this host, so scheme and destination limits
    // belong before this call.
    $openid_ctx->validation_result = $openid_ctx->ValidateWithServer();
    // ob_clean() discards the buffered output but leaves the buffer
    // started above active; it is not closed in this method.
    ob_clean();

    return $openid_ctx;
}
/**
 * Normalize a URL by delegating to Auth_OpenID_urinorm().
 *
 * @param string $url The URL to normalize.
 * @return mixed Whatever Auth_OpenID_urinorm() returns for $url.
 */
function normalizeUrl($url)
{
    $normalized = Auth_OpenID_urinorm($url);

    return $normalized;
}