ZF-12258: Zend_OpenId_Consumer incorect verify on openid_claimed_id

Issue Type: Bug Created: 2012-05-28T16:23:18.000+0000 Last Updated: 2012-05-28T16:36:53.000+0000 Status: Open Fix version(s): Reporter: Lucian MATEESCU (lucianmateescu) Assignee: Dmitry Stogov (dmitry) Tags: - Zend_OpenId

Related issues: Attachments:


yahoo send an #fragment for identifier reciclying see

on line 316 if ((!empty($params['openid_identity']) && $params["openid_identity"] != $id)

it will fail, and not according to the specs.




Posted by Lucian MATEESCU (lucianmateescu) on 2012-05-28T16:36:53.000+0000

Proposed solution :

  1. Revert on Zend_OpenId normalize (and use as standard Normalized, without fragment… )
  2. Modify on Zend_OpenId_Consumer as 316 if ((!empty($params['openid_identity']) && $params["openid_identity"] != $id

replace 316 if ((!empty($params['openid_identity']) && $params["openid_identity"] != Zend_OpenId:normalize($id)

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.