php-openid icon indicating copy to clipboard operation
php-openid copied to clipboard

Published 20 hours ago verified publisher icon openid

Add urldecoding values in post form

Open conf opened this issue 14 years ago • 3 comments

We need this because browser makes encoding by itself, so the value become encoded twice. For example if identifier is an email. Fixed at my repo: http://github.com/conf/php-openid/commit/c3ca5c1f7d4c52c649eec93e5a6ffae2030119fd

conf avatar Jun 25 '10 10:06 conf

This actually breaks values that are base64 encoded when they contain a + the plus is decoded to space which is encoded to %20 when the form is submitted. I removed the urldecode and it fixes issues with random signature and assoc_handle errors. I do not see any ill effects to email addresses or other characters that would normally be urlencoded. I think this commit should be removed.

nhorvath avatar Mar 02 '12 21:03 nhorvath

I don't remember clearly for now, since it was 2 years ago :), but it seems it was an issue with Mail.ru OpenID provider (quite popular email service in Russia). They required email as user-identifier when openid logging is done, so if we have email, say, [email protected], it came already urlencoded to the patched line, so it will look as conf%40mail.ru. After that POST-form is generated with <input>-hidden value, so browser will encode this value once again, resulting conf%25%40mail.ru and that was causing error from their side. My fix did the job for me, so it's up to you to decide if it's needed anymore in common repo. Thanks for the answer, anyways.

conf avatar Mar 07 '12 08:03 conf

Maybe you could try to use the function htmlspecialchars rather than encoding the value I think.

itsour avatar Oct 23 '12 07:10 itsour

This repo is being archived. Closing issue.

timcappalli avatar Jul 24 '23 18:07 timcappalli