Browse files

[project @ Update NEWS, add specific error to complete() with query a…

…s first parameter]
  • Loading branch information...
tailor committed Nov 27, 2007
1 parent 691ad46 commit 350de628a743e433c2abf42c0e4d752e8a587984
Showing with 13 additions and 2 deletions.
  1. +8 −0 Auth/OpenID/Consumer.php
  2. +5 −2 NEWS
@@ -401,6 +401,14 @@ function &beginWithoutDiscovery($endpoint, $anonymous=false)
function complete($return_to, $query=null)
+ if ($return_to && !is_string($return_to)) {
+ // This is ugly, but we need to complain loudly when
+ // someone uses the API incorrectly.
+ trigger_error("return_to must be a string; see NEWS file " .
+ "for upgrading notes.",
+ }
if ($query === null) {
$query = Auth_OpenID::getQuery();
@@ -44,9 +44,12 @@ If you cannot run the Python script, you can re-create your store by
dropping the tables in the store and calling createTables() on the
store object.
-Consumers should now pass an additional parameter to
+Consumers should now pass the consumer return_to URL to
Auth_OpenID_Consumer::complete() to defend against return_to URL
+tampering. This has REPLACED the old parameter, $query. $query is
+now a second optional parameter. It is STRONGLY RECOMMENDED that you
+never override $query, since the OpenID library uses its own logic to
+sidestep PHP's broken request-processing code.
Summary of API Changes

0 comments on commit 350de62

Please sign in to comment.