From 85a407e7b008d9a7ffb53006c419f7a8636f0452 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Sat, 18 Mar 2017 10:55:14 +0100 Subject: [PATCH 1/2] Normalize OpenID URI before checking it for validity Fixes #251 --- plugins/OpenID/openid.php | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/OpenID/openid.php b/plugins/OpenID/openid.php index ee854e8140..8ec138ffb6 100644 --- a/plugins/OpenID/openid.php +++ b/plugins/OpenID/openid.php @@ -131,6 +131,7 @@ function oid_check_immediate($openid_url, $backto=null) function oid_authenticate($openid_url, $returnto, $immediate=false) { + $openid_url = Auth_OpenID::normalizeUrl($openid_url); if (!common_valid_http_url($openid_url)) { throw new ClientException(_m('No valid URL provided for OpenID.')); } From 1ef206467fcdefa4c89a030375ff236fdafd80f2 Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Sat, 18 Mar 2017 13:33:07 +0100 Subject: [PATCH 2/2] Fix OpenID URI removal See #252 --- plugins/OpenID/actions/openidsettings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/OpenID/actions/openidsettings.php b/plugins/OpenID/actions/openidsettings.php index bf5d8886f1..9651ec3134 100644 --- a/plugins/OpenID/actions/openidsettings.php +++ b/plugins/OpenID/actions/openidsettings.php @@ -287,7 +287,7 @@ class OpenidsettingsAction extends SettingsAction // TRANS: Form validation error for a non-existing OpenID. throw new ClientException(_m('No such OpenID.')); } - if ($this->scoped->getID() !== $oid->user_id) { + if ($this->scoped->getID() != $oid->user_id) { // TRANS: Form validation error if OpenID is connected to another user. throw new ClientException(_m('That OpenID does not belong to you.')); }