diff options
author | Dries Buytaert <dries@buytaert.net> | 2009-11-24 05:20:48 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-11-24 05:20:48 +0000 |
commit | c85b24f0f7c17e6cb6a75538b8bee43bed92f2a7 (patch) | |
tree | 8e32e3c156b9bc9a1526aae86ce9f5d27743e730 /modules/openid | |
parent | 7624967bd77a5718bdbd3516bc4ca321f5fd4063 (diff) | |
download | brdo-c85b24f0f7c17e6cb6a75538b8bee43bed92f2a7.tar.gz brdo-c85b24f0f7c17e6cb6a75538b8bee43bed92f2a7.tar.bz2 |
- Patch #575804 by Heine, c960657: fixed OpenID URL normalization #fragment handling.
Diffstat (limited to 'modules/openid')
-rw-r--r-- | modules/openid/openid.inc | 3 | ||||
-rw-r--r-- | modules/openid/openid.test | 60 |
2 files changed, 43 insertions, 20 deletions
diff --git a/modules/openid/openid.inc b/modules/openid/openid.inc index ef923c97e..4198048df 100644 --- a/modules/openid/openid.inc +++ b/modules/openid/openid.inc @@ -144,6 +144,9 @@ function _openid_normalize_url($url) { $normalized_url = 'http://' . $url; } + // Strip the fragment and fragment delimiter if present. + $normalized_url = strtok($normalized_url, '#'); + if (substr_count($normalized_url, '/') < 3) { $normalized_url .= '/'; } diff --git a/modules/openid/openid.test b/modules/openid/openid.test index f53aa7bd1..bfaa1da69 100644 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test @@ -335,25 +335,45 @@ class OpenIDUnitTest extends DrupalWebTestCase { // section 7.2. If the user-supplied string starts with xri:// it should be // stripped and the resulting string should be treated as an XRI when it // starts with "=", "@", "+", "$", "!" or "(". - $this->assertTrue(_openid_is_xri('xri://=foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); - $this->assertTrue(_openid_is_xri('xri://@foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); - $this->assertTrue(_openid_is_xri('xri://+foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); - $this->assertTrue(_openid_is_xri('xri://$foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme.')); - $this->assertTrue(_openid_is_xri('xri://!foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme..')); - $this->assertTrue(_openid_is_xri('xri://(foo'), t('_openid_is_xri returned expected result for an xri identifier with xri scheme..')); - - $this->assertTrue(_openid_is_xri('=foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - $this->assertTrue(_openid_is_xri('@foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - $this->assertTrue(_openid_is_xri('+foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - $this->assertTrue(_openid_is_xri('$foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - $this->assertTrue(_openid_is_xri('!foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - $this->assertTrue(_openid_is_xri('(foo'), t('_openid_is_xri returned expected result for an xri identifier.')); - - $this->assertFalse(_openid_is_xri('foo'), t('_openid_is_xri returned expected result for an http URL.')); - $this->assertFalse(_openid_is_xri('xri://foo'), t('_openid_is_xri returned expected result for an http URL.')); - $this->assertFalse(_openid_is_xri('http://foo/'), t('_openid_is_xri returned expected result for an http URL.')); - $this->assertFalse(_openid_is_xri('http://example.com/'), t('_openid_is_xri returned expected result for an http URL.')); - $this->assertFalse(_openid_is_xri('user@example.com/'), t('_openid_is_xri returned expected result for an http URL.')); - $this->assertFalse(_openid_is_xri('http://user@example.com/'), t('_openid_is_xri returned expected result for an http URL.')); + $this->assertTrue(_openid_is_xri('xri://=foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://@foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://+foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://$foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme.')); + $this->assertTrue(_openid_is_xri('xri://!foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme..')); + $this->assertTrue(_openid_is_xri('xri://(foo'), t('_openid_is_xri() returned expected result for an xri identifier with xri scheme..')); + + $this->assertTrue(_openid_is_xri('=foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('@foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('+foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('$foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('!foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + $this->assertTrue(_openid_is_xri('(foo'), t('_openid_is_xri() returned expected result for an xri identifier.')); + + $this->assertFalse(_openid_is_xri('foo'), t('_openid_is_xri() returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('xri://foo'), t('_openid_is_xri() returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://foo/'), t('_openid_is_xri() returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://example.com/'), t('_openid_is_xri() returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('user@example.com/'), t('_openid_is_xri() returned expected result for an http URL.')); + $this->assertFalse(_openid_is_xri('http://user@example.com/'), t('_openid_is_xri() returned expected result for an http URL.')); } + + /** + * Test _openid_normalize(). + */ + function testOpenidNormalize() { + // Test that the normalization is according to OpenID Authentication 2.0, + // section 7.2 and 11.5.2. + + $this->assertEqual(_openid_normalize('$foo'), '$foo', t('_openid_normalize() correctly normalized an XRI.')); + $this->assertEqual(_openid_normalize('xri://$foo'), '$foo', t('_openid_normalize() correctly normalized an XRI with an xri:// scheme.')); + + $this->assertEqual(_openid_normalize('example.com/'), 'http://example.com/', t('_openid_normalize() correctly normalized a URL with a missing scheme.')); + $this->assertEqual(_openid_normalize('example.com'), 'http://example.com/', t('_openid_normalize() correctly normalized a URL with a missing scheme and empty path.')); + $this->assertEqual(_openid_normalize('http://example.com'), 'http://example.com/', t('_openid_normalize() correctly normalized a URL with an empty path.')); + + $this->assertEqual(_openid_normalize('http://example.com/path'), 'http://example.com/path', t('_openid_normalize() correctly normalized a URL with a path.')); + + $this->assertEqual(_openid_normalize('http://example.com/path#fragment'), 'http://example.com/path', t('_openid_normalize() correctly normalized a URL with a fragment.')); + } + } |