robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License

Document verify return value risk and fix tests #117

Closed thijskh closed 7 years ago

thijskh commented 7 years ago

The verify() method has risky return values: -1, 0 and 1. PHP may cast -1 in a boolean context to true, making any error during signature processing evaluate to true. So this return value should be checked carefully in applications that use the method. Document this in the comment blocks. Also update the tests to invoke it 'the right way', to avoid the wrong construct being copied by someone to live code.
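
The return-value pitfall described in the comment above, as an added example that is not part of the PR or of xmlseclibs. `verifyTriState()`, `acceptLoose()` and `acceptStrict()` are hypothetical names; the stand-in verifier uses an HMAC only to reproduce the 1 / 0 / -1 contract offline, and all inputs are constructed.

```php
<?php
declare(strict_types=1);

// Stand-in verifier (hypothetical, not xmlseclibs code) with the same
// tri-state contract the PR describes: 1 = valid, 0 = invalid, -1 = error.
function verifyTriState(string $data, string $sigHex, string $key, string $algo): int
{
    if ($key === '' || !in_array($algo, hash_hmac_algos(), true)) {
        return -1; // processing error: no verdict on the signature at all
    }
    $expected = hash_hmac($algo, $data, $key);
    return hash_equals($expected, $sigHex) ? 1 : 0;
}

// Risky pattern: every non-zero int is truthy in PHP, so -1 is accepted.
function acceptLoose(int $ret): bool
{
    return (bool) $ret;
}

// Safe pattern: only the exact value 1 means "signature verified".
function acceptStrict(int $ret): bool
{
    if ($ret === -1) {
        error_log('signature verification errored; treating as failure');
    }
    return $ret === 1;
}

// Constructed sample inputs.
$key  = 'constructed-demo-key';
$data = '<Assertion>constructed sample</Assertion>';
$sig  = hash_hmac('sha256', $data, $key);

$cases = [
    'valid signature'  => verifyTriState($data, $sig, $key, 'sha256'),
    'tampered data'    => verifyTriState($data . 'x', $sig, $key, 'sha256'),
    'unsupported algo' => verifyTriState($data, $sig, $key, 'no-such-algo'),
];

// Print the raw return value next to what each style of check decides.
foreach ($cases as $label => $ret) {
    printf("%-17s ret=%2d loose=%-5s strict=%s\n", $label, $ret,
        var_export(acceptLoose($ret), true), var_export(acceptStrict($ret), true));
}
```

Only the error row differs between the two checks, which is why tests written with the loose form pass and hide the problem.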

thijskh commented 7 years ago

This should be mergeable, only documentation improvement and tests fix.

thijskh commented 7 years ago

Fixed docblock and rebased against current master; GitHub insisted on closing this PR, so it's now #131.