Ticket #216 (closed defect: fixed)

Opened 6 months ago

Last modified 6 months ago

PHP trustroot tests blindly pass

Reported by: https://keturn.myopenid.com/ Assigned to:
Priority: major Milestone: Lib release 6/5
Keywords: sync trustroot Cc:
Project: php-openid OpenID Protocol:
Series: 2.x.x Web Browser:

Description

See Python patch 

Mon Mar 24 14:55:54 PDT 2008  cygnus@janrain.com
  * Update trust root parsing to reject more invalid inputs

Change History

06/03/08 17:45:22 changed by http://dag.myopenid.com/

Ruby rejects many of the new lines that are somewhat questionable. Nothing to fix, but added 3 cases to trustroot.txt

In PHP, we've discovered that the trustroot test is not actually testing anything. (Try throwing in some totally bogus cases to trustroot.txt) It turns out that for the parse cases, runTest is not actually being called. The match cases are also broken in that data that should cause the tests to fail do not, but the runTests method is actually running.

06/03/08 17:50:32 changed by http://dag.myopenid.com/

  • project changed from All libraries to php-openid.
  • summary changed from enforce valid characters in trustroot host segment, digits in port to PHP trustroot tests blindly pass.

06/04/08 15:27:24 changed by http://carl.myopenid.com/

  • status changed from new to closed.
  • resolution set to fixed.

Finally all tracked down and fixed. PHP semantics are unfortunate.