|
@@ -286,7 +286,9 @@
|
286
|
286
|
. URLBuilder::getCurrentURL());
|
287
|
287
|
}
|
288
|
288
|
|
289
|
|
- if ($_REQUEST['openid_identity'] != $_SESSION['openid']['claimedId'] && $_REQUEST['openid_identity'] != $_SESSION['openid']['opLocalId']) {
|
|
289
|
+ $id = $_REQUEST[isset($_REQUEST['openid_claimed_id']) ? 'openid_claimed_id' : 'openid_identity'];
|
|
290
|
+
|
|
291
|
+ if (!URLBuilder::isSameURL($id, $_SESSION['openid']['claimedId']) && !URLBuilder::isSameURL($id, $_SESSION['openid']['opLocalId'])) {
|
290
|
292
|
if ($_SESSION['openid']['claimedId'] == 'http://specs.openid.net/auth/2.0/identifier_select') {
|
291
|
293
|
$disc = new Discoverer($_REQUEST['openid_claimed_id'], false);
|
292
|
294
|
|
|
@@ -299,7 +301,7 @@
|
299
|
301
|
} else {
|
300
|
302
|
error('diffid', 'Identity provider validated wrong identity. Expected it to '
|
301
|
303
|
. 'validate ' . $_SESSION['openid']['claimedId'] . ' but it '
|
302
|
|
- . 'validated ' . $_REQUEST['openid_identity']);
|
|
304
|
+ . 'validated ' . $id);
|
303
|
305
|
}
|
304
|
306
|
}
|
305
|
307
|
|