Ticket #65 (closed defect: wontfix)
OpenID code fails when CURL is not installed
| Reported by: | webmaster | ||
|---|---|---|---|
| Priority: | low | Milestone: | 7.3 |
| Component: | ExiteCMS Core | Version: | 7.2 |
| Severity: | Fix | Keywords: | core functionality security |
Description
The current OpenID class requires the CURL module to be installed, to access SSL sites with certificate checking.
Enabling OpenID on a site that doesn't have CURL cases the class to terminate, which makes p.e. the edit_profile module crash.
Change History
comment:2 Changed 3 years ago by WanWizard
- Priority changed from high to low
- Status changed from assigned to closed
- Resolution set to waitforfeedback
Created a fix for this problem using libcurlemu, with utilizes the cURL commandline tool if present, or emulating cURL in PHP if all else fails.
Don't have a PHP installation available without cURL linked in, so I can't test it.
Asked the user who reported the problem to test the fix, before I include it in the code.
comment:3 Changed 3 years ago by WanWizard
- Status changed from closed to reopened
- Resolution waitforfeedback deleted
Note: See
TracTickets for help on using
tickets.
Workaround and extra checks implemented in changeset [1978]: set the default authentication method for new installations to "Local database" only. added checks on the availability of the cURL library. If not present, OpenID will be disabled.
Leaving the ticket open because we need to replace the OpenID library by something that doesn't require external PHP modules