ZF-12527: Zend_OpenId_Provider::_checkId - matching regular expression may be wrong (quick fix)

Issue Type: Bug Created: 2013-02-20T21:11:26.000+0000 Last Updated: 2013-04-05T16:06:58.000+0000 Status: Closed Fix version(s): Reporter: Alan B. Dee (alanbdee) Assignee: Frank Brückner (frosch) Tags: - Zend_OpenId

Related issues: Attachments:


In the _checkId method there is a regular expression to check for realm wildcards:

<pre class="highlight">
$regex = '/^'
       . preg_quote(substr($site, 0, $n+3), '/')
       . '[A-Za-z1-9_\.]+?'
       . preg_quote(substr($site, $n+4), '/')
       . '/';

The line '[A-Za-z1-9_.+?' should probably be '[A-Za-z0-9_.+?' As it is, if the realm has a 0 then it won't pass.

<pre class="highlight">
$regex = '/^'
       . preg_quote(substr($site, 0, $n+3), '/')
       . '[A-Za-z0-9_\.]+?'
       . preg_quote(substr($site, $n+4), '/')
       . '/';

In our implementation we did a workaround by explicitly authorizing the realm.


Posted by Pavel Kačer (draculus) on 2013-02-21T10:02:29.000+0000

This bug is in ZF1 and ZF2 as well. Moreover the current regexp matches also a '\' character that is should not.

As defined in the OpenId specification [1] the realms should have structure defined by RFC3986 [2].

The structure is following.

ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )

So the correct regular expression (PCRE) is


The line


should be changed to


I will create a pull request for the ZF2 on GitHub. But I have no idea how to push code to ZF1.

[1]… [2]

Posted by Pavel Kačer (draculus) on 2013-02-21T10:06:57.000+0000

Hmm, the JIRA markup has scrambled the regular expressions.

<pre class="literal">

Therefore the line in the code will be following.

<pre class="literal">

Posted by Pavel Kačer (draculus) on 2013-02-21T10:09:41.000+0000

Dah, one more fix. This one is final.

<pre class="literal">

Line in the code

<pre class="literal">

Sorry. :-)

Posted by Ralph Schindler (ralph) on 2013-04-05T16:06:58.000+0000

This issue has been closed on Jira and moved to GitHub for issue tracking. To continue following the resolution of this issues, please visit:

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.