Feature #33518 ยป 33518.diff
| typo3/sysext/openid/sv1/class.tx_openid_sv1.php | ||
|---|---|---|
|
// Check if the user identifier looks like OpenID user identifier first.
|
||
|
// Prevent PHP warning in case if identifiers is not an OpenID identifier
|
||
|
// (not an URL).
|
||
|
$this->loginData['uname'] = $userRecord['tx_openid_openid'];
|
||
|
$urlParts = @parse_url($this->loginData['uname']);
|
||
|
if (is_array($urlParts) && $urlParts['scheme'] != '' && $urlParts['host']) {
|
||
|
// Yes, this looks like a good OpenID. Ask OpenID server (should not return)
|
||
| ... | ... | |
|
protected function getUserRecord($openIDIdentifier) {
|
||
|
$record = NULL;
|
||
|
if ($openIDIdentifier) {
|
||
|
$record = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('*',
|
||
|
$this->authenticationInformation['db_user']['table'],
|
||
|
'tx_openid_openid=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($openIDIdentifier, $this->authenticationInformation['db_user']['table']) .
|
||
|
$this->authenticationInformation['db_user']['check_pid_clause'] .
|
||
|
$this->authenticationInformation['db_user']['enable_clause']);
|
||
|
if (preg_match('#^https?://#', $openIDIdentifier)) {
|
||
|
$record = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('*',
|
||
|
$this->authenticationInformation['db_user']['table'],
|
||
|
'tx_openid_openid=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($openIDIdentifier, $this->authenticationInformation['db_user']['table']) .
|
||
|
$this->authenticationInformation['db_user']['check_pid_clause'] .
|
||
|
$this->authenticationInformation['db_user']['enable_clause']
|
||
|
);
|
||
|
} else {
|
||
|
// Fuzzy match
|
||
|
$identifier = $GLOBALS['TYPO3_DB']->escapeStrForLike(rtrim($openIDIdentifier, '/'), $this->authenticationInformation['db_user']['table']);
|
||
|
$records = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('*',
|
||
|
$this->authenticationInformation['db_user']['table'],
|
||
|
'(tx_openid_openid LIKE \'http://' . $GLOBALS['TYPO3_DB']->quoteStr($identifier, $this->authenticationInformation['db_user']['table']) . '%\'' .
|
||
|
' OR tx_openid_openid LIKE \'https://' . $GLOBALS['TYPO3_DB']->quoteStr($identifier, $this->authenticationInformation['db_user']['table']) . '%\')' .
|
||
|
$this->authenticationInformation['db_user']['check_pid_clause'] .
|
||
|
$this->authenticationInformation['db_user']['enable_clause']
|
||
|
);
|
||
|
foreach ($records as $r) {
|
||
|
if (preg_match('#^https?://' . preg_quote(rtrim($openIDIdentifier, '/'), '#') . '/?$#', $r['tx_openid_openid'])) {
|
||
|
$record = $r;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
// This should never happen and generally means hack attempt.
|
||
|
// We just log it and do not return any records.
|
||