Auth_OpenID_TrustRoot Klassenreferenz


Öffentliche Methoden

 buildDiscoveryURL ($realm)
 match ($trust_root, $url)

Öffentliche, statische Methoden

 _parse ($trust_root)
 isSane ($trust_root)

Ausführliche Beschreibung

A wrapper for trust-root related functions

Definiert in Zeile 47 der Datei TrustRoot.php.


Dokumentation der Elementfunktionen

_parse ( trust_root  )  [static]

Parse a URL into its trust_root parts.

private

Parameter:
string $trust_root The url to parse
Rückgabe:
mixed $parsed Either an associative array of trust root parts or false if parsing failed.

Definiert in Zeile 94 der Datei TrustRoot.php.

00097     {
00098         $trust_root = Auth_OpenID_urinorm($trust_root);
00099         if ($trust_root === null) {
00100             return false;
00101         }
00102 
00103         if (preg_match("/:\/\/[^:]+(:\d+){2,}(\/|$)/", $trust_root)) {
00104             return false;
00105         }
00106 
00107         $parts = @parse_url($trust_root);
00108         if ($parts === false) {
00109             return false;
00110         }
00111 
00112         $required_parts = array('scheme', 'host');
00113         $forbidden_parts = array('user', 'pass', 'fragment');
00114         $keys = array_keys($parts);
00115         if (array_intersect($keys, $required_parts) != $required_parts) {
00116             return false;
00117         }
00118 
00119         if (array_intersect($keys, $forbidden_parts) != array()) {
00120             return false;
00121         }
00122 
00123         if (!preg_match(Auth_OpenID___HostSegmentRe, $parts['host'])) {
00124             return false;
00125         }
00126 
00127         $scheme = strtolower($parts['scheme']);
00128         $allowed_schemes = array('http', 'https');
00129         if (!in_array($scheme, $allowed_schemes)) {
00130             return false;
00131         }
00132         $parts['scheme'] = $scheme;
00133 
00134         $host = strtolower($parts['host']);
00135         $hostparts = explode('*', $host);
00136         switch (count($hostparts)) {
00137         case 1:
00138             $parts['wildcard'] = false;
00139             break;
00140         case 2:
00141             if ($hostparts[0] ||
00142                 ($hostparts[1] && substr($hostparts[1], 0, 1) != '.')) {
00143                 return false;
00144             }
00145             $host = $hostparts[1];
00146             $parts['wildcard'] = true;
00147             break;
00148         default:
00149             return false;
00150         }
00151         if (strpos($host, ':') !== false) {
00152             return false;
00153         }
00154 
00155         $parts['host'] = $host;
00156 
00157         if (isset($parts['path'])) {
00158             $path = strtolower($parts['path']);
00159             if (substr($path, 0, 1) != '/') {
00160                 return false;
00161             }
00162         } else {
00163             $path = '/';
00164         }
00165 
00166         $parts['path'] = $path;
00167         if (!isset($parts['port'])) {
00168             $parts['port'] = false;
00169         }
00170 
00171 
00172         $parts['unparsed'] = $trust_root;
00173 

buildDiscoveryURL ( realm  ) 

Definiert in Zeile 59 der Datei TrustRoot.php.

00062     {
00063         $parsed = Auth_OpenID_TrustRoot::_parse($realm);
00064 
00065         if ($parsed === false) {
00066             return false;
00067         }
00068 
00069         if ($parsed['wildcard']) {
00070             // Use "www." in place of the star
00071             if ($parsed['host'][0] != '.') {
00072                 return false;
00073             }
00074 
00075             $www_domain = 'www' . $parsed['host'];
00076 
00077             return sprintf('%s://%s%s', $parsed['scheme'],
00078                            $www_domain, $parsed['path']);
00079         } else {
00080             return $parsed['unparsed'];

isSane ( trust_root  )  [static]

Is this trust root sane?

A trust root is sane if it is syntactically valid and it has a reasonable domain name. Specifically, the domain name must be more than one level below a standard TLD or more than two levels below a two-letter tld.

For example, '*.com' is not a sane trust root, but '*.foo.com' is. '*.co.uk' is not sane, but '*.bbc.co.uk' is.

This check is not always correct, but it attempts to err on the side of marking sane trust roots insane instead of marking insane trust roots sane. For example, 'kink.fm' is marked as insane even though it "should" (for some meaning of should) be marked sane.

This function should be used when creating OpenID servers to alert the users of the server when a consumer attempts to get the user to accept a suspicious trust root.

Parameter:
string $trust_root The trust root to check
Rückgabe:
bool $sanity Whether the trust root looks OK

Definiert in Zeile 200 der Datei TrustRoot.php.

00203     {
00204         $parts = Auth_OpenID_TrustRoot::_parse($trust_root);
00205         if ($parts === false) {
00206             return false;
00207         }
00208 
00209         // Localhost is a special case
00210         if ($parts['host'] == 'localhost') {
00211             return true;
00212         }
00213         
00214         $host_parts = explode('.', $parts['host']);
00215         if ($parts['wildcard']) {
00216             // Remove the empty string from the beginning of the array
00217             array_shift($host_parts);
00218         }
00219 
00220         if ($host_parts && !$host_parts[count($host_parts) - 1]) {
00221             array_pop($host_parts);
00222         }
00223 
00224         if (!$host_parts) {
00225             return false;
00226         }
00227 
00228         // Don't allow adjacent dots
00229         if (in_array('', $host_parts, true)) {
00230             return false;
00231         }
00232 
00233         // Get the top-level domain of the host. If it is not a valid TLD,
00234         // it's not sane.
00235         preg_match(Auth_OpenID___TLDs, $parts['host'], $matches);
00236         if (!$matches) {
00237             return false;
00238         }
00239         $tld = $matches[1];
00240 
00241         if (count($host_parts) == 1) {
00242             return false;
00243         }
00244 
00245         if ($parts['wildcard']) {
00246             // It's a 2-letter tld with a short second to last segment
00247             // so there needs to be more than two segments specified
00248             // (e.g. *.co.uk is insane)
00249             $second_level = $host_parts[count($host_parts) - 2];
00250             if (strlen($tld) == 2 && strlen($second_level) <= 3) {
00251                 return count($host_parts) > 2;
00252             }
00253         }
00254 

match ( trust_root,
url 
)

Does this URL match the given trust root?

Return whether the URL falls under the given trust root. This does not check whether the trust root is sane. If the URL or trust root do not parse, this function will return false.

Parameter:
string $trust_root The trust root to match against
string $url The URL to check
Rückgabe:
bool $matches Whether the URL matches against the trust root

Definiert in Zeile 270 der Datei TrustRoot.php.

00273     {
00274         $trust_root_parsed = Auth_OpenID_TrustRoot::_parse($trust_root);
00275         $url_parsed = Auth_OpenID_TrustRoot::_parse($url);
00276         if (!$trust_root_parsed || !$url_parsed) {
00277             return false;
00278         }
00279 
00280         // Check hosts matching
00281         if ($url_parsed['wildcard']) {
00282             return false;
00283         }
00284         if ($trust_root_parsed['wildcard']) {
00285             $host_tail = $trust_root_parsed['host'];
00286             $host = $url_parsed['host'];
00287             if ($host_tail &&
00288                 substr($host, -(strlen($host_tail))) != $host_tail &&
00289                 substr($host_tail, 1) != $host) {
00290                 return false;
00291             }
00292         } else {
00293             if ($trust_root_parsed['host'] != $url_parsed['host']) {
00294                 return false;
00295             }
00296         }
00297 
00298         // Check path and query matching
00299         $base_path = $trust_root_parsed['path'];
00300         $path = $url_parsed['path'];
00301         if (!isset($trust_root_parsed['query'])) {
00302             if ($base_path != $path) {
00303                 if (substr($path, 0, strlen($base_path)) != $base_path) {
00304                     return false;
00305                 }
00306                 if (substr($base_path, strlen($base_path) - 1, 1) != '/' &&
00307                     substr($path, strlen($base_path), 1) != '/') {
00308                     return false;
00309                 }
00310             }
00311         } else {
00312             $base_query = $trust_root_parsed['query'];
00313             $query = @$url_parsed['query'];
00314             $qplus = substr($query, 0, strlen($base_query) + 1);
00315             $bqplus = $base_query . '&';
00316             if ($base_path != $path ||
00317                 ($base_query != $query && $qplus != $bqplus)) {
00318                 return false;
00319             }
00320         }
00321 
00322         // The port and scheme need to match exactly
00323         return ($trust_root_parsed['scheme'] == $url_parsed['scheme'] &&


Die Dokumentation für diese Klasse wurde erzeugt aufgrund der Datei:
Copyright © 2003 - 2009 MyOOS [Shopsystem]. All rights reserved.
MyOOS [Shopsystem] is Free Software released under the GNU/GPL License.

Webmaster: info@r23.de (Impressum)
doxygen