Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[project @ Update NEWS, add specific error to complete() with query a…

…s first parameter]
  • Loading branch information...
commit 350de628a743e433c2abf42c0e4d752e8a587984 1 parent 691ad46
tailor authored
Showing with 13 additions and 2 deletions.
  1. +8 −0 Auth/OpenID/Consumer.php
  2. +5 −2 NEWS
View
8 Auth/OpenID/Consumer.php
@@ -401,6 +401,14 @@ function &beginWithoutDiscovery($endpoint, $anonymous=false)
*/
function complete($return_to, $query=null)
{
+ if ($return_to && !is_string($return_to)) {
+ // This is ugly, but we need to complain loudly when
+ // someone uses the API incorrectly.
+ trigger_error("return_to must be a string; see NEWS file " .
+ "for upgrading notes.",
+ E_USER_ERROR);
+ }
+
if ($query === null) {
$query = Auth_OpenID::getQuery();
}
View
7 NEWS
@@ -44,9 +44,12 @@ If you cannot run the Python script, you can re-create your store by
dropping the tables in the store and calling createTables() on the
store object.
-Consumers should now pass an additional parameter to
+Consumers should now pass the consumer return_to URL to
Auth_OpenID_Consumer::complete() to defend against return_to URL
-tampering.
+tampering. This has REPLACED the old parameter, $query. $query is
+now a second optional parameter. It is STRONGLY RECOMMENDED that you
+never override $query, since the OpenID library uses its own logic to
+sidestep PHP's broken request-processing code.
Summary of API Changes
Please sign in to comment.
Something went wrong with that request. Please try again.