Andreas Schildbach wrote: > Dear mentors, > > I am looking for a sponsor for my package "wordpress-openid". > > * Package name : wordpress-openid > Version : 2.2.1-1 > Upstream Author : Will Norris, Alan J. Castonguay, Factory Joe > * URL : http://wordpress.org/extend/plugins/openid/ > * License : GPL & modified BSD, Apache License 2.0 > Section : net >
logic.php: script prints the content of QUERY_STRING directly probably without any kind of sanitation. interface.php: similar issue when printing $_REQUEST['page'] logic.php: I don't understand why there's such kind of, bogus, exception: > // use email address for username if URL is from emailtoid.net > $username = $identity_url; > if (null != $_SESSION['openid_login_email'] and strpos($username, 'http://emailtoid.net/') == 0) { > if($user_data['user_email'] == NULL) { > $user_data['user_email'] = $_SESSION['openid_login_email']; > } > $username = $_SESSION['openid_login_email']; > unset($_SESSION['openid_login_email']); > } Also, the strpos usage is completely incorrect, see the following example: $ php -n -r '$foo="bar"; var_dump(strpos($foo, "moo") == 0);' bool(true) $ php -n -r '$foo="bar"; var_dump(strpos($foo, "moo") === 0);' bool(false) (again) logic.php: > if( strpos( $claimed_url, '@' ) ) { and > if (strpos($wp_version, '2.5') != 0) { are also incorrect. files/jquery.xpath.*: files are jquery plugins that should be shipped in a separate package. files/jquery.textnode.*: same as above, but I couldn't find its homepage > > Kind regards > Andreas Schildbach > > > P.S. there is also phpmyid, an OpenID identity provider, still waiting to > be sponsored: > http://mentors.debian.net/debian/pool/main/p/phpmyid Cheers, -- Atomo64 - Raphael Please avoid sending me Word, PowerPoint or Excel attachments. See http://www.gnu.org/philosophy/no-word-attachments.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]