ZF-10456: OpenID SREG extension should check for valid property fields

Issue Type: Patch Created: 2010-09-15T01:56:41.000+0000 Last Updated: 2012-11-20T21:37:40.000+0000 Status: Open Fix version(s): Reporter: Frank Groeneveld (frenkel) Assignee: None Tags: - Zend_OpenId

Related issues: Attachments:


As per the official specification, SREG only accepts a number of fields. There should be a check in the constructor because it might not be obvious otherwise. This code will fix it:

Index: OpenId/Extension/Sreg.php

--- OpenId/Extension/Sreg.php (revision 22938) +++ OpenId/Extension/Sreg.php (working copy) @@ -55,6 +55,15 @@ */ public function __construct(array $props=null, $policy_url=null, $version=1.0) { + /* make sure only properties of the specification are set */ + if (is_array($props)) { + foreach ($props as $name => $value) { + if (!in_array($name, self::getSregProperties())) { + throw new Zend_Exception('Invalid property set for SREG extension: ' . $name); + } + } + } + $this->_props = $props; $this->_policy_url = $policy_url; $this->_version = $version;


No comments to display

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.