author | Michal Čihař <michal@cihar.com> | 2016-06-17 17:24:39 +0300 |
committer | Michal Čihař <michal@cihar.com> | 2016-06-17 17:24:39 +0300 |
commit | 791bdafcdd441883f2bf2721356afeaf8146ab70 (patch) | |
tree | 3713c0e0ba017afa472b84b109c45f707fb1c911 /examples | |
parent | bdfaaa4f40e1abfc0b626dec273f5a76fc95b27f (diff) | |
parent | be3ecbb4cca3fbe20e3b3aa4e049902d18b60865 (diff) |
Merge branch 'QA_4_6-security' into master-security
Diffstat (limited to 'examples')
-rw-r--r-- | examples/openid.php | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/examples/openid.php b/examples/openid.php
index da4a13fb53..8ef34e9ee3 100644
--- a/examples/openid.php
+++ b/examples/openid.php
@@ -63,6 +63,16 @@ function Show_page($contents)
 <?php
 }
+function Die_error($e)
+{
+ $contents = "<div class='relyingparty_results'>\n";
+ $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
+ $contents .= "</div class='relyingparty_results'>";
+ Show_page($contents);
+ exit;
+}
+
+
 /* Need to have cookie visible from parent directory */
 session_set_cookie_params(0, '/', '', false);
 /* Create signon session */
@@ -98,9 +108,9 @@ OpenID: <input type="text" name="identifier" /><br />
 }
 /* Grab identifier */
-if (isset($_POST['identifier'])) {
+if (isset($_POST['identifier']) && is_string($_POST['identifier'])) {
 $identifier = $_POST['identifier'];
-} else if (isset($_SESSION['identifier'])) {
+} else if (isset($_SESSION['identifier']) && is_string($_SESSION['identifier'])) {
 $identifier = $_SESSION['identifier'];
 } else {
 $identifier = null;
@@ -109,24 +119,16 @@ if (isset($_POST['identifier'])) {
 /* Create OpenID object */
 try {
 $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
-} catch (OpenID_Exception $e) {
- $contents = "<div class='relyingparty_results'>\n";
- $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
- $contents .= "</div class='relyingparty_results'>";
- Show_page($contents);
- exit;
+} catch (Exception $e) {
+ Die_error($e);
 }
 /* Redirect to OpenID provider */
 if (isset($_POST['start'])) {
 try {
 $authRequest = $o->prepare();
- } catch (OpenID_Exception $e) {
- $contents = "<div class='relyingparty_results'>\n";
- $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
- $contents .= "</div class='relyingparty_results'>";
- Show_page($contents);
- exit;
+ } catch (Exception $e) {
+ Die_error($e);
 }
 $url = $authRequest->getAuthorizeURL();
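Review bot: In the new Die_error the closing tag `</div class='relyingparty_results'>` is malformed markup carried over verbatim from the deleted catch blocks; it should be `</div>`. The parameter is untyped although every caller passes an exception, so `function Die_error(Exception $e)` would make the contract explicit, and `htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')` pins the flags and charset instead of relying on defaults that differ across PHP versions. Because the catch blocks in the third hunk were widened from `OpenID_Exception` to `Exception`, this helper now renders the message of any exception to the browser; if those messages can carry internal detail, it would be safer to log them and show a generic text.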
@@ -143,7 +145,11 @@ if (isset($_POST['start'])) {
 }
 /* Check reply */
- $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
+ try {
+ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
+ } catch (Exception $e) {
+ Die_error($e);
+ }
 $id = $message->get('openid.claimed_id'); |