The URL in the function openid_provider_unsolicited_assertion() is getting formed badly. The arguments for the function strpos() are mixed up, as well as the result of the conditional statement are wrong.

Further I saw some notices in the comments of this function:

 * It is unclear what this function is for. It is not used anywhere,
 * and looks like a "10.1.  Positive Assertions", but that's what
 * openid_provider_authentication_response() does...
 * @todo figure out what this does or get rid of it.

Trying to explain: This function is getting used when a OpenID provider wants to do an unsolicited assertion. This happens for example in the OpenID Provider AX module in order to exchange attributes from a OP that had been changed to relying parties.

CommentFileSizeAuthor
#1 fixing_unsolicited_assertion_function-1913154-1.patch1.14 KBxamanu
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

xamanu’s picture

xamanu CreditAttribution: xamanu commented
Status: Active » Needs review
FileSize
fixing_unsolicited_assertion_function-1913154-1.patch1.14 KB

Here is the patch. Removing the comments and fixing the strpos() function call.

anarcat’s picture

anarcat CreditAttribution: anarcat commented
Status: Needs review » Fixed

Fix committed to 6.x and 7.x, thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.