Ensure trust_root is always below return_to URL

Make javascript example allow the library to determine trust_root itself

.gitignore

+/keycache.php

examples/javascript/iframe.php

 
  session_start();
 
- define('OPENID_TRUSTROOT', $_SESSION['trustroot']);
  define('OPENID_IMMEDIATE', true);
 
  if (isset($_GET['openid_id'])) {

examples/javascript/index.php

   exit;
  }
 
- $_SESSION['trustroot'] = URLBuilder::getCurrentURL();
-
  if (isset($_POST['openid_url']) || isset($_REQUEST['openid_mode'])) {
   // Proxy for non-JS users
 

urlbuilder.inc.php

   public static function buildRequest($type, $base, $delegate, $identity, $returnURL, $handle) {
    $args = array(
     'openid.ns' => self::NAMESPACE,
-	'openid.mode' => 'checkid_' . $type,
-	'openid.identity' => $delegate,
-	'openid.claimed_id' => $identity,
-	'openid.trust_root' => self::getTrustRoot(),
-	'openid.return_to' => self::addArguments($returnURL,
+    'openid.mode' => 'checkid_' . $type,
+    'openid.identity' => $delegate,
+    'openid.claimed_id' => $identity,
+    'openid.trust_root' => self::getTrustRoot($returnURL),
+    'openid.return_to' => self::addArguments($returnURL,
 		array('openid.nonce' => $_SESSION['openid']['nonce']))
    );
 
    return self::addArguments($base, $args);
   }
 
-  private static function getTrustRoot() {
+  private static function getTrustRoot($base = null) {
    if (defined('OPENID_TRUSTROOT')) {
     return OPENID_TRUSTROOT;
-   } else {
-    return self::getCurrentURL();
    }
+
+   $curr = self::getCurrentURL();
+   $root = $base == null ? $curr : $base;
+
+   while (substr($curr, 0, strlen($root)) != $root) {
+    $root = dirname($root) . '/';
+   }
+
+   return $root; 
   }
 
   private static function addSRegArgs(&$args) {