Commit a362d912 authored by David_Rothstein's avatar David_Rothstein

Drupal 6.36

parent 8ffc5db3
Drupal 6.36, 2015-06-17
-----------------------
- Fixed security issues (OpenID impersonation). See SA-CORE-2015-002.
Drupal 6.35, 2015-03-18
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.
......@@ -241,10 +241,34 @@ function openid_complete($response = array()) {
if (openid_verify_assertion($service, $response)) {
// If the returned claimed_id is different from the session claimed_id,
// then we need to do discovery and make sure the op_endpoint matches.
if ($service['version'] == 2 && $response['openid.claimed_id'] != $claimed_id) {
$disco = openid_discovery($response['openid.claimed_id']);
if ($disco[0]['uri'] != $service['uri']) {
return $response;
if ($service['version'] == 2) {
// Returned Claimed Identifier could contain unique fragment
// identifier to allow identifier recycling so we need to preserve
// it in the response.
$response_claimed_id = _openid_normalize($response['openid.claimed_id']);
if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) {
$disco = openid_discovery($response['openid.claimed_id']);
if ($disco[0]['uri'] != $service['uri']) {
return $response;
}
if (!empty($disco[0]['localid'])) {
$identity = $disco[0]['localid'];
}
else if (!empty($disco[0]['delegate'])) {
$identity = $disco[0]['delegate'];
}
else {
$identity = FALSE;
}
// The OP-Local Identifier (if different than the Claimed
// Identifier) must be present in the XRDS document.
if ($response_claimed_id != $response['openid.identity'] && (!$identity || $identity != $response['openid.identity'])) {
return $response;
}
}
}
else {
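Review bot: The new version-2 branch reads `$response['openid.claimed_id']` and `$response['openid.identity']` without first confirming the OP sent them, so a positive assertion that omits both (which OpenID 2.0 permits for extension-only responses) hands a null to `_openid_normalize()` and then to `openid_discovery()`, emitting notices and performing a discovery fetch on an empty identifier before the `$disco[0]['uri']` comparison most likely rejects it. A presence check at the top of the branch makes the rejection explicit instead of relying on how those two helpers happen to treat null: `if (!isset($response['openid.claimed_id'], $response['openid.identity'])) { return $response; }` — on the assumption, supported by the existing endpoint-mismatch `return $response;`, that an early return here is the failure path. The identifier comparisons on the `if` lines also use loose `!=`; the operands appear to be strings (or null), so `!==` would be a drop-in that removes PHP's numeric-string coercion from security-relevant identifier matching. openid_complete() begins before this hunk and continues after it, so the origin of `$claimed_id` and the success path are outside view.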
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '6.35');
define('VERSION', '6.36');
/**
* Core API compatibility.