Issues

ZF-10456: OpenID SREG extension should check for valid property fields

Description

As per the official specification, SREG only accepts a number of fields. There should be a check in the constructor because it might not be obvious otherwise. This code will fix it:

Index: OpenId/Extension/Sreg.php

--- OpenId/Extension/Sreg.php (revision 22938) +++ OpenId/Extension/Sreg.php (working copy) @@ -55,6 +55,15 @@ */ public function __construct(array $props=null, $policy_url=null, $version=1.0) { + /* make sure only properties of the specification are set */ + if (is_array($props)) { + foreach ($props as $name => $value) { + if (!in_array($name, self::getSregProperties())) { + throw new Zend_Exception('Invalid property set for SREG extension: ' . $name); + } + } + } + $this->_props = $props; $this->_policy_url = $policy_url; $this->_version = $version;

Comments

No comments to display