]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - extlib/Auth/OpenID/URINorm.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into nightly
[quix0rs-gnu-social.git] / extlib / Auth / OpenID / URINorm.php
diff --git a/extlib/Auth/OpenID/URINorm.php b/extlib/Auth/OpenID/URINorm.php
index f821d836a90b2256bb06727d45c629a408535813..32e84588dbe77f55f7daeb849163bb946a26c40c 100644 (file)
--- a/extlib/Auth/OpenID/URINorm.php
+++ b/extlib/Auth/OpenID/URINorm.php
@@ -93,7 +93,17 @@ function Auth_OpenID_pct_encoded_replace_unreserved($mo)
 
 function Auth_OpenID_pct_encoded_replace($mo)
 {
-    return chr(intval($mo[1], 16));
+    $code = intval($mo[1], 16);
+
+    // Prevent request splitting by ignoring newline and space characters
+    if($code === 0xA || $code === 0xD || $code === ord(' '))
+    {
+        return $mo[0];
+    }
+    else
+    {
+        return chr($code);
+    }
 }
 
 function Auth_OpenID_remove_dot_segments($path)
@@ -246,4 +256,4 @@ function Auth_OpenID_urinorm($uri)
     return $scheme . '://' . $authority . $path . $query . $fragment;
 }
 
-?>
+
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)