Öffentliche Methoden | |
buildDiscoveryURL ($realm) | |
match ($trust_root, $url) | |
Öffentliche, statische Methoden | |
_parse ($trust_root) | |
isSane ($trust_root) |
Definiert in Zeile 47 der Datei TrustRoot.php.
_parse | ( | $ | trust_root | ) | [static] |
Parse a URL into its trust_root parts.
private
string | $trust_root The url to parse |
Definiert in Zeile 94 der Datei TrustRoot.php.
00097 { 00098 $trust_root = Auth_OpenID_urinorm($trust_root); 00099 if ($trust_root === null) { 00100 return false; 00101 } 00102 00103 if (preg_match("/:\/\/[^:]+(:\d+){2,}(\/|$)/", $trust_root)) { 00104 return false; 00105 } 00106 00107 $parts = @parse_url($trust_root); 00108 if ($parts === false) { 00109 return false; 00110 } 00111 00112 $required_parts = array('scheme', 'host'); 00113 $forbidden_parts = array('user', 'pass', 'fragment'); 00114 $keys = array_keys($parts); 00115 if (array_intersect($keys, $required_parts) != $required_parts) { 00116 return false; 00117 } 00118 00119 if (array_intersect($keys, $forbidden_parts) != array()) { 00120 return false; 00121 } 00122 00123 if (!preg_match(Auth_OpenID___HostSegmentRe, $parts['host'])) { 00124 return false; 00125 } 00126 00127 $scheme = strtolower($parts['scheme']); 00128 $allowed_schemes = array('http', 'https'); 00129 if (!in_array($scheme, $allowed_schemes)) { 00130 return false; 00131 } 00132 $parts['scheme'] = $scheme; 00133 00134 $host = strtolower($parts['host']); 00135 $hostparts = explode('*', $host); 00136 switch (count($hostparts)) { 00137 case 1: 00138 $parts['wildcard'] = false; 00139 break; 00140 case 2: 00141 if ($hostparts[0] || 00142 ($hostparts[1] && substr($hostparts[1], 0, 1) != '.')) { 00143 return false; 00144 } 00145 $host = $hostparts[1]; 00146 $parts['wildcard'] = true; 00147 break; 00148 default: 00149 return false; 00150 } 00151 if (strpos($host, ':') !== false) { 00152 return false; 00153 } 00154 00155 $parts['host'] = $host; 00156 00157 if (isset($parts['path'])) { 00158 $path = strtolower($parts['path']); 00159 if (substr($path, 0, 1) != '/') { 00160 return false; 00161 } 00162 } else { 00163 $path = '/'; 00164 } 00165 00166 $parts['path'] = $path; 00167 if (!isset($parts['port'])) { 00168 $parts['port'] = false; 00169 } 00170 00171 00172 $parts['unparsed'] = $trust_root; 00173
buildDiscoveryURL | ( | $ | realm | ) |
Definiert in Zeile 59 der Datei TrustRoot.php.
00062 { 00063 $parsed = Auth_OpenID_TrustRoot::_parse($realm); 00064 00065 if ($parsed === false) { 00066 return false; 00067 } 00068 00069 if ($parsed['wildcard']) { 00070 // Use "www." in place of the star 00071 if ($parsed['host'][0] != '.') { 00072 return false; 00073 } 00074 00075 $www_domain = 'www' . $parsed['host']; 00076 00077 return sprintf('%s://%s%s', $parsed['scheme'], 00078 $www_domain, $parsed['path']); 00079 } else { 00080 return $parsed['unparsed'];
isSane | ( | $ | trust_root | ) | [static] |
Is this trust root sane?
A trust root is sane if it is syntactically valid and it has a reasonable domain name. Specifically, the domain name must be more than one level below a standard TLD or more than two levels below a two-letter tld.
For example, '*.com' is not a sane trust root, but '*.foo.com' is. '*.co.uk' is not sane, but '*.bbc.co.uk' is.
This check is not always correct, but it attempts to err on the side of marking sane trust roots insane instead of marking insane trust roots sane. For example, 'kink.fm' is marked as insane even though it "should" (for some meaning of should) be marked sane.
This function should be used when creating OpenID servers to alert the users of the server when a consumer attempts to get the user to accept a suspicious trust root.
string | $trust_root The trust root to check |
Definiert in Zeile 200 der Datei TrustRoot.php.
00203 { 00204 $parts = Auth_OpenID_TrustRoot::_parse($trust_root); 00205 if ($parts === false) { 00206 return false; 00207 } 00208 00209 // Localhost is a special case 00210 if ($parts['host'] == 'localhost') { 00211 return true; 00212 } 00213 00214 $host_parts = explode('.', $parts['host']); 00215 if ($parts['wildcard']) { 00216 // Remove the empty string from the beginning of the array 00217 array_shift($host_parts); 00218 } 00219 00220 if ($host_parts && !$host_parts[count($host_parts) - 1]) { 00221 array_pop($host_parts); 00222 } 00223 00224 if (!$host_parts) { 00225 return false; 00226 } 00227 00228 // Don't allow adjacent dots 00229 if (in_array('', $host_parts, true)) { 00230 return false; 00231 } 00232 00233 // Get the top-level domain of the host. If it is not a valid TLD, 00234 // it's not sane. 00235 preg_match(Auth_OpenID___TLDs, $parts['host'], $matches); 00236 if (!$matches) { 00237 return false; 00238 } 00239 $tld = $matches[1]; 00240 00241 if (count($host_parts) == 1) { 00242 return false; 00243 } 00244 00245 if ($parts['wildcard']) { 00246 // It's a 2-letter tld with a short second to last segment 00247 // so there needs to be more than two segments specified 00248 // (e.g. *.co.uk is insane) 00249 $second_level = $host_parts[count($host_parts) - 2]; 00250 if (strlen($tld) == 2 && strlen($second_level) <= 3) { 00251 return count($host_parts) > 2; 00252 } 00253 } 00254
match | ( | $ | trust_root, | |
$ | url | |||
) |
Does this URL match the given trust root?
Return whether the URL falls under the given trust root. This does not check whether the trust root is sane. If the URL or trust root do not parse, this function will return false.
string | $trust_root The trust root to match against | |
string | $url The URL to check |
Definiert in Zeile 270 der Datei TrustRoot.php.
00273 { 00274 $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root); 00275 $url_parsed = Auth_OpenID_TrustRoot::_parse($url); 00276 if (!$trust_root_parsed || !$url_parsed) { 00277 return false; 00278 } 00279 00280 // Check hosts matching 00281 if ($url_parsed['wildcard']) { 00282 return false; 00283 } 00284 if ($trust_root_parsed['wildcard']) { 00285 $host_tail = $trust_root_parsed['host']; 00286 $host = $url_parsed['host']; 00287 if ($host_tail && 00288 substr($host, -(strlen($host_tail))) != $host_tail && 00289 substr($host_tail, 1) != $host) { 00290 return false; 00291 } 00292 } else { 00293 if ($trust_root_parsed['host'] != $url_parsed['host']) { 00294 return false; 00295 } 00296 } 00297 00298 // Check path and query matching 00299 $base_path = $trust_root_parsed['path']; 00300 $path = $url_parsed['path']; 00301 if (!isset($trust_root_parsed['query'])) { 00302 if ($base_path != $path) { 00303 if (substr($path, 0, strlen($base_path)) != $base_path) { 00304 return false; 00305 } 00306 if (substr($base_path, strlen($base_path) - 1, 1) != '/' && 00307 substr($path, strlen($base_path), 1) != '/') { 00308 return false; 00309 } 00310 } 00311 } else { 00312 $base_query = $trust_root_parsed['query']; 00313 $query = @$url_parsed['query']; 00314 $qplus = substr($query, 0, strlen($base_query) + 1); 00315 $bqplus = $base_query . '&'; 00316 if ($base_path != $path || 00317 ($base_query != $query && $qplus != $bqplus)) { 00318 return false; 00319 } 00320 } 00321 00322 // The port and scheme need to match exactly 00323 return ($trust_root_parsed['scheme'] == $url_parsed['scheme'] &&
Copyright © 2003 - 2009 MyOOS [Shopsystem]. All rights reserved. MyOOS [Shopsystem] is Free Software released under the GNU/GPL License. Webmaster: info@r23.de (Impressum) |
|