diff options
Diffstat (limited to 'plugins/openid/lib/Auth/OpenID/URINorm.php')
-rw-r--r-- | plugins/openid/lib/Auth/OpenID/URINorm.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/plugins/openid/lib/Auth/OpenID/URINorm.php b/plugins/openid/lib/Auth/OpenID/URINorm.php index c051b550..32e84588 100644 --- a/plugins/openid/lib/Auth/OpenID/URINorm.php +++ b/plugins/openid/lib/Auth/OpenID/URINorm.php @@ -93,7 +93,17 @@ function Auth_OpenID_pct_encoded_replace_unreserved($mo) function Auth_OpenID_pct_encoded_replace($mo) { - return chr(intval($mo[1], 16)); + $code = intval($mo[1], 16); + + // Prevent request splitting by ignoring newline and space characters + if($code === 0xA || $code === 0xD || $code === ord(' ')) + { + return $mo[0]; + } + else + { + return chr($code); + } } function Auth_OpenID_remove_dot_segments($path) |