From e8d18e41fc25af8dad5746e5b3bd6982c2492c2e Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Mon, 22 Mar 2010 18:48:20 +0000
Subject: - Patch #218097 by c960657: OpenID must use canonical ID when authenticating XRI i-names.
---
 modules/openid/tests/openid_test.module | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'modules/openid/tests/openid_test.module')
diff --git a/modules/openid/tests/openid_test.module b/modules/openid/tests/openid_test.module
index e980bb6c8..db03641c5 100644
--- a/modules/openid/tests/openid_test.module
+++ b/modules/openid/tests/openid_test.module
@@ -69,10 +69,29 @@ function openid_test_menu() {
 */
 function openid_test_yadis_xrds() {
 if ($_SERVER['HTTP_ACCEPT'] == 'application/xrds+xml') {
+ // Only respond to XRI requests for one specific XRI. The is used to verify
+ // that the XRI has been properly encoded. The "+" sign in the _xrd_r query
+ // parameter is decoded to a space by PHP.
+ if (arg(3) == 'xri') {
+ if (variable_get('clean_url', 0)) {
+ if (arg(4) != '@example*résumé;%25' || $_GET['_xrd_r'] != 'application/xrds xml') {
+ drupal_not_found();
+ }
+ }
+ else {
+ // Drupal cannot properly emulate an XRI proxy resolver using unclean
+ // URLs, so the arguments gets messed up.
+ if (arg(4) . '/' . arg(5) != '@example*résumé;%25?_xrd_r=application/xrds xml') {
+ drupal_not_found();
+ }
+ }
+ }
 drupal_add_http_header('Content-Type', 'application/xrds+xml');
 print ' + xri://@ + http://example.com/user http://example.com/this-is-ignored
@@ -102,7 +121,7 @@ function openid_test_yadis_xrds() {
 '; } print ' - + '; } else {
-- cgit v1.2.3
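Review bot: In the first hunk, neither new `drupal_not_found();` call is followed by a `return`, so unless drupal_not_found() ends the request (not visible here) a mismatching XRI still falls through to `drupal_add_http_header()` and the XRDS document is printed after the 404 output. This fixture exists to show that the client encodes the i-name correctly, so a rejected request should emit nothing further: add `return;` after each `drupal_not_found();`. The clean-URL branch also reads `$_GET['_xrd_r']` without an `isset()` check, which raises a notice when the parameter is absent. The new comment has a typo, "The is used to verify" should read "This is used to verify". The body of openid_test_yadis_xrds() continues outside this hunk.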