
Re: RFS: wordpress-openid



Andreas Schildbach wrote:

> Dear mentors,
> 
> I am looking for a sponsor for my package "wordpress-openid".
> 
> * Package name    : wordpress-openid
>   Version         : 2.2.1-1
>   Upstream Author : Will Norris, Alan J. Castonguay, Factory Joe
> * URL             : http://wordpress.org/extend/plugins/openid/
> * License         : GPL & modified BSD, Apache License 2.0
>   Section         : net
> 

logic.php:
script prints the content of QUERY_STRING directly probably without any kind
of sanitation.
interface.php:
similar issue when printing $_REQUEST['page']
logic.php:
I don't understand why there's such kind of, bogus, exception:
>         // use email address for username if URL is from emailtoid.net
>         $username = $identity_url;
>         if (null != $_SESSION['openid_login_email'] and
>             strpos($username, 'http://emailtoid.net/') == 0) {
>                 if($user_data['user_email'] == NULL) {
>                         $user_data['user_email'] =
>                                 $_SESSION['openid_login_email'];
>                 }
>                 $username = $_SESSION['openid_login_email'];
>                 unset($_SESSION['openid_login_email']);
>         }

Also, the strpos usage is completely incorrect, see the following example:
$ php -n -r '$foo="bar"; var_dump(strpos($foo, "moo") == 0);'
bool(true)
$ php -n -r '$foo="bar"; var_dump(strpos($foo, "moo") === 0);'
bool(false)

(again) logic.php:
> if( strpos( $claimed_url, '@' ) ) {
and
> if (strpos($wp_version, '2.5') != 0) {
are also incorrect.


files/jquery.xpath.*:
files are jquery plugins that should be shipped in a separate package.
files/jquery.textnode.*:
same as above, but I couldn't find its homepage

> 
> Kind regards
>  Andreas Schildbach
> 
> 
> P.S. there is also phpmyid, an OpenID identity provider, still waiting to
> be sponsored:
>      http://mentors.debian.net/debian/pool/main/p/phpmyid

Cheers,
-- 
Atomo64 - Raphael

Please avoid sending me Word, PowerPoint or Excel attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
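The two classes of defect raised in the review above, shown side by side in an added example that is not code from the wordpress-openid plugin or from anyone in this thread: the loose `strpos()` comparisons (`== 0`, a bare truthy test, `!= 0`) next to their strict forms, and an unescaped echo of a request parameter next to an escaped one. The inputs are constructed for illustration; the function names are mine.

```php
<?php
// Added example, not from the wordpress-openid plugin.
// Part 1: strpos() returns int 0 for a match at the start of the string and
// bool false for "not found". Loose comparison (==, !=, truthiness) conflates
// the two, which is exactly the bug in the quoted logic.php checks.

/** Buggy: `== 0` is true for a match at offset 0 AND for false (not found). */
function starts_with_buggy(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) == 0;
}

/** Correct: strict comparison distinguishes false from 0. */
function starts_with(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) === 0;
}

/** Buggy: a bare truthy test (as in `if (strpos($claimed_url, '@'))`) misses offset 0. */
function contains_buggy(string $haystack, string $needle): bool {
    return (bool) strpos($haystack, $needle);
}

/** Correct: compare against false explicitly. */
function contains(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) !== false;
}

/** Buggy: `!= 0` (as in the $wp_version check) is false for "not found" too. */
function not_at_start_buggy(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) != 0;
}

/** Correct: "not found, or found somewhere other than offset 0". */
function not_at_start(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) !== 0;
}

// Constructed inputs modelled on the checks quoted in the review.
$cases = [
    ['https://example.org/alice',   'http://emailtoid.net/'], // not found
    ['http://emailtoid.net/alice',  'http://emailtoid.net/'], // found at 0
    ['@alice',                       '@'],                    // found at 0
    ['alice@example.org',            '@'],                    // found later
    ['2.6',                          '2.5'],                  // not found
];
foreach ($cases as [$h, $n]) {
    printf("%-28s %-22s starts(buggy/ok)=%d/%d contains(buggy/ok)=%d/%d not_at_start(buggy/ok)=%d/%d\n",
        $h, $n,
        starts_with_buggy($h, $n), starts_with($h, $n),
        contains_buggy($h, $n),    contains($h, $n),
        not_at_start_buggy($h, $n), not_at_start($h, $n));
}

// Part 2: echoing request data into HTML. The review notes that
// QUERY_STRING and $_REQUEST['page'] are printed as-is; the fix is to escape
// at the output boundary.

/** As reviewed: request data goes into the page unescaped. */
function render_page_param_unescaped(array $request): string {
    return '<h2>' . ($request['page'] ?? '') . '</h2>';
}

/** Hardened: HTML-escape at the point of output, with an explicit charset. */
function render_page_param(array $request): string {
    $page = (string) ($request['page'] ?? '');
    return '<h2>' . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . '</h2>';
}

// Constructed request containing markup; the escaped form renders it inert.
$request = ['page' => '<b>openid</b>"\''];
echo render_page_param_unescaped($request), "\n";
echo render_page_param($request), "\n";
```

Run with `php -n example.php`. In the first table the "buggy" and "ok" columns disagree exactly on the rows where `strpos()` returns `false` or `0`; in the second part only the escaped line leaves the angle brackets and quotes as literal text.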

