From 829fae6a464ef7104b7dc3f3514cb620d2f050f9 Mon Sep 17 00:00:00 2001 From: Aymeric Augustin Date: Tue, 28 Oct 2008 23:44:45 +0100 Subject: [PATCH] Only allow melix alias in openid URLs when the melix alias is public Enable the hook --- modules/openid.php | 4 ++-- modules/openid/openid.inc.php | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/modules/openid.php b/modules/openid.php index 6c3c0e5..295dabe 100644 --- a/modules/openid.php +++ b/modules/openid.php @@ -51,7 +51,7 @@ class OpenidModule extends PLModule 'openid/trust' => $this->make_hook('trust', AUTH_COOKIE), 'openid/idp_xrds' => $this->make_hook('idp_xrds', AUTH_PUBLIC), 'openid/user_xrds' => $this->make_hook('user_xrds', AUTH_PUBLIC), -// 'openid/melix' => $this->make_hook('melix', AUTH_PUBLIC), + 'openid/melix' => $this->make_hook('melix', AUTH_PUBLIC), ); } @@ -206,7 +206,7 @@ class OpenidModule extends PLModule // This will redirect to the canonic URL, which was not used // if this hook was triggered - return render_discovery_page(&$page, $user); + return $this->render_discovery_page(&$page, $user); } //--------------------------------------------------------------------// diff --git a/modules/openid/openid.inc.php b/modules/openid/openid.inc.php index 2ab06ff..e4a7b12 100644 --- a/modules/openid/openid.inc.php +++ b/modules/openid/openid.inc.php @@ -55,9 +55,12 @@ function get_user_by_alias($x) { // TODO such a function should probably be provided in the User class // or at least not here $res = XDB::query('SELECT u.user_id - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (a.id = u.user_id AND type != \'homonyme\') - WHERE a.alias = {?} AND u.perms IN(\'admin\', \'user\')', + FROM auth_user_md5 AS u + INNER JOIN auth_user_quick AS q USING(user_id) + INNER JOIN aliases AS a ON (a.id = u.user_id AND type != \'homonyme\') + WHERE u.perms IN(\'admin\', \'user\') + AND q.emails_alias_pub = \'public\' + AND a.alias = {?}', $x); if (list($uid) = $res->fetchOneRow()) { $user = User::getSilent($uid); -- 2.1.4