Bug #40993 for Net-OpenID-Consumer: consumer delegate verification bug

Mon Nov 17 09:15:10 2008 http://avarix.myopenid.com/ - Ticket created

Subject:

consumer delegate verification bug

hi found bug in Consumer.pm Line: 743 delegate and real_ident should be compared to ident_nofragment due to: # OpenID 2.0 wants us to exclude the fragment part of the URL when doing equality check fix: # if openid.delegate was used, check that it was done correctly if ($a_ident_nofragment ne $real_ident_nofragment) { my $a_ident_nofragment = $a_ident; $a_ident_nofragment =~ s/\#.*$//; unless ($delegate eq $a_ident) { $error->("bogus_delegation"); next; } } => # if openid.delegate was used, check that it was done correctly if ($a_ident_nofragment ne $real_ident_nofragment && $a_ident_nofragment ne $delegate) { $error->("bogus_delegation"); next; }

Sat Nov 29 20:25:22 2008 MART [...] cpan.org - Correspondence added

Fix checked in: http://code.sixapart.com/trac/openid/changeset/170 Note that this has gone into the 1.0 maintenence branch, not the trunk. It'll be merged into the trunk in due course.

Sat Nov 29 20:25:23 2008 The RT System itself - Status changed from 'new' to 'open'

Sat Nov 29 21:04:10 2008 MART [...] cpan.org - Correspondence added

Fixed in 1.03.

Sat Nov 29 21:04:12 2008 MART [...] cpan.org - Status changed from 'open' to 'resolved'