This queue is for tickets about the Net-OpenID-Consumer CPAN distribution.

Report information
The Basics
Id:
40993
Status:
resolved
Priority:
Low/Low

People
Owner:
Nobody in particular
Requestors:
mindsectr [...] gmail.com
Cc:
AdminCc:

BugTracker
Severity:
Critical
Broken in:
1.02
Fixed in:
(no value)



Subject: consumer delegate verification bug
hi found bug in Consumer.pm Line: 743 delegate and real_ident should be compared to ident_nofragment due to: # OpenID 2.0 wants us to exclude the fragment part of the URL when doing equality check fix: # if openid.delegate was used, check that it was done correctly if ($a_ident_nofragment ne $real_ident_nofragment) { my $a_ident_nofragment = $a_ident; $a_ident_nofragment =~ s/\#.*$//; unless ($delegate eq $a_ident) { $error->("bogus_delegation"); next; } } => # if openid.delegate was used, check that it was done correctly if ($a_ident_nofragment ne $real_ident_nofragment && $a_ident_nofragment ne $delegate) { $error->("bogus_delegation"); next; }
Fix checked in: http://code.sixapart.com/trac/openid/changeset/170 Note that this has gone into the 1.0 maintenence branch, not the trunk. It'll be merged into the trunk in due course.
Fixed in 1.03.


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.