Regex parsing of XRD XML matches wrong entries

[GoogleCodeExporter]

This library appears to be doing XML parsing with regular expressions instead 
of an XML parser for its XRD discovery:

   $ns = preg_quote('http://specs.openid.net/auth/2.0/');
   if (preg_match('#<Service.*?>(.*)<Type>\s*'.$ns.'(.*?)\s*</Type>(.*)</Service>#s', $content, $m)) {

This fails dramatically if the discovery information contains other entries, 
matching a large swatch of the document instead of just the relevant entries 
for OpenID.

The result is that attempting to authenticate against a site such as identi.ca 
which offers other services such as OAuth in that same XRD ends up breaking, 
for instance by sending you off to the OAuth requesttoken URL instead of the 
OpenID endpoint.

Original issue reported on code.google.com by brion.vi...@gmail.com on 28 Oct 2010 at 8:41

[GoogleCodeExporter]

I've tested discovery with identi.ca, and was able to reproduce the bug.

It wasn't related to the problem you have described, but I have fixed both the 
one here, and the one causing that problem.

It's still using regular expressions - I avoid using a full xml parser unless 
it's necessary, because parsing with regular expressions is generally faster.

Original comment by mewp...@gmail.com on 30 Oct 2010 at 10:56

• Changed state: Fixed

[GoogleCodeExporter]

I've update lightopenid but I still can't authenticate myself against identi.ca
This is a fresh git clone: www.macno.org/test/lightopenid/example.php

Original comment by mich...@fluidware.it on 30 Oct 2010 at 11:25