-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authenticate Problem on php 8 #353
Comments
A pull request for this one: |
By doing if (isset($_REQUEST['state']) && ($_REQUEST['state'] !== $this->getState())) { Don't you bypass the state check if the state is not set? I assume you want something like if (!isset($_REQUEST['state']) || ($_REQUEST['state'] !== $this->getState())) { As you are then throwing the exception if the state is not set, instead of bypassing it. |
Hi @LauJosefsen, you are correct. I changed my code. |
azmeuk
added a commit
that referenced
this issue
Mar 16, 2023
Add an extra check on $_REQUEST['state'] (issue #353)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you use this library on a php 8 project with php warnings enabled you experience this problem.
In OpenIDConnectClient class, in authenticate method there will be a warning in line 341 $_REQUEST['state'] that the state in not defined.
And after this error you get this error Warning: Cannot modify header information - headers already sent by... and then it fails.
I will provide a pull request, with an extra check if $_REQUEST['state'] exists.
The text was updated successfully, but these errors were encountered: