base fork: entp/ruby-openid
base: 8e979da19e
...
head fork: entp/ruby-openid
compare: d29cb73b49
  • 5 commits
  • 5 files changed
  • 0 commit comments
  • 4 contributors
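--- a/lib/openid/message.rb
+++ b/lib/openid/message.rb
@@ -288,7 +288,7 @@ def to_form_markup(action_url, form_tag_attrs=nil, submit_text='Continue')
 markup += ">\n"
 to_post_args.each { |k,v|
- markup += "<input type='hidden' name='#{k}' value='#{v}' />\n"
+ markup += "<input type='hidden' name='#{k}' value='#{OpenID::Util.html_encode(v)}' />\n"
 }
 markup += "<input type='submit' value='#{submit_text}' />\n"
 markup += "\n</form>"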
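Review bot: The hidden-input line inside `to_post_args.each` now encodes `v`, but `k` is still interpolated raw into the single-quoted `name` attribute, and `submit_text` on the following line is unescaped as well. If message keys can be influenced by the peer in the same way the values are, a key containing `'` or `>` breaks out of the attribute exactly as a value did before this change. Encode both sides, `markup += "<input type='hidden' name='#{OpenID::Util.html_encode(k)}' value='#{OpenID::Util.html_encode(v)}' />\n"`, and pass `submit_text` through the same helper. `to_form_markup` starts above the hunk, so whether `action_url` and `form_tag_attrs` are escaped is not visible here and should be checked.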
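--- a/lib/openid/store/filesystem.rb
+++ b/lib/openid/store/filesystem.rb
@@ -236,7 +236,7 @@ def filename_escape(s)
 if @@FILENAME_ALLOWED.index(c)
 filename_chunks << c
 else
- filename_chunks << sprintf("_%02X", c[0])
+ filename_chunks << sprintf("_%02X", c.bytes.first)
 end
 end
 filename_chunks.join("")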
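Review bot: `c.bytes.first` on the `sprintf` line encodes only the first byte of `c`, so if `c` can be a multibyte character (the loop that produces it is above the hunk) every character sharing that lead byte escapes to the same `_XX` chunk and distinct inputs can map to one filename. Emit every byte instead: `c.each_byte { |b| filename_chunks << sprintf("_%02X", b) }`. A one-line comment stating that the escape must stay one-to-one, because its result is used as a filename in the store, would make the requirement explicit.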
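--- a/lib/openid/store/memcache.rb
+++ b/lib/openid/store/memcache.rb
@@ -63,7 +63,11 @@ def use_nonce(server_url, timestamp, salt)
 ts = timestamp.to_s # base 10 seconds since epoch
 nonce_key = key_prefix + 'N' + server_url + '|' + ts + '|' + salt
 result = @cache_client.add(nonce_key, '', expiry(Nonce.skew + 5))
- return !!(result =~ /^STORED/)
+ if result.is_a? String
+ return !!(result =~ /^STORED/)
+ else
+ return result == true
+ end
 end
 def assoc_key(server_url, assoc_handle=nil)
@@ -87,7 +91,11 @@ def cleanup_associations
 def delete(key)
 result = @cache_client.delete(key)
- return !!(result =~ /^DELETED/)
+ if result.is_a? String
+ return !!(result =~ /^DELETED/)
+ else
+ return result == true
+ end
 end
 def serialize(assoc)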
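Review bot: The same `is_a? String` branch is pasted into both `use_nonce` and `delete`, and neither copy says which client return types it handles or that every other value is treated as failure. For `use_nonce` that default is the replay check: a nil or error result has to mean "nonce not accepted", so the rule belongs in one private predicate with a comment that states it. The string branch also keeps `^`, which matches after any newline in the reply; a prefix test is stricter. Both methods begin above their hunks.

```ruby
# True only for a reply string that starts with +token+ or for a literal true.
# nil, false and any other value count as failure, so use_nonce fails closed.
def cache_ok?(result, token)
  return result.start_with?(token) if result.is_a?(String)
  result == true
end

# … unchanged: use_nonce up to the @cache_client.add call …
return cache_ok?(result, 'STORED')

# … unchanged: delete up to the @cache_client.delete call …
return cache_ok?(result, 'DELETED')
```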
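--- a/lib/openid/util.rb
+++ b/lib/openid/util.rb
@@ -105,6 +105,12 @@ def Util.auto_submit_html(form, title='OpenID transaction in progress')
 </html>
 "
 end
+
+ ESCAPE_TABLE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#039;' }
+ # Modified from ERb's html_encode
+ def Util.html_encode(s)
+ s.to_s.gsub(/[&<>"']/) {|s| ESCAPE_TABLE[s] }
+ end
 end
 end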
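Review bot: In `Util.html_encode` the block parameter `|s|` reuses the name of the method argument `s`, which rebinds the argument on older interpreters and draws a shadowing warning on newer ones; `s.to_s.gsub(/[&<>"']/) { |ch| ESCAPE_TABLE[ch] }` avoids both. `ESCAPE_TABLE` is a mutable constant and should end in `.freeze`. The comment above the method should also state the contract callers rely on, for example `# Escapes & < > " ' for element text and quoted attribute values only; not safe for unquoted attributes, URLs or script contexts.`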
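--- a/test/test_message.rb
+++ b/test/test_message.rb
@@ -902,6 +902,7 @@ def setup
 'openid.identity' => 'http://bogus.example.invalid:port/',
 'openid.assoc_handle' => 'FLUB',
 'openid.return_to' => 'Neverland',
+ 'openid.ax.value.fullname' => "Bob&Smith'"
 }
 @action_url = 'scheme://host:port/path?query'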
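Review bot: The new fixture value `"Bob&Smith'"` covers only `&` and `'`; `<`, `>` and `"` are also in the escape table this change adds, and none of the fixture keys contains a special character. Extending the value, e.g. `'openid.ax.value.fullname' => "Bob&Smith'<\">"`, would exercise the whole table. `setup` continues past the hunk, so the assertions that consume this hash are not visible here.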
