Auth_OpenID_Parse fails to find link attributes in HTML with uppercase HEAD tag about php-openid HOT 9 CLOSED

Lowercasing the <head> tags (open and closed) seems to fix the parsing, which is weird because the regexp used to parse ends with a /si flags

from php-openid.

Actually lowercasing just the first is enough.
This is with PHP 5.6.19-0+deb8u1

from php-openid.

from #PHP IRC channel on Freenode:

18:17 <@TML> strk: But an XPath would be so much easier: $dom = new DOMDocument();
             $dom->loadHTML($data); $xpath = new DOMXPath($dom); $head =
             $xpath->query('//head')->items(0);

from php-openid.

I restricted the input further.
This does not work:

<HTML>
<HEAD>  
  <link rel="openid2.provider" href="https://id.kbt.io/" />
  <link rel="openid2.local_id" href="https://strk.kbt.io/openid/" />
</HEAD>

While this works:

<HTML>
<head>  
  <link rel="openid2.provider" href="https://id.kbt.io/" />
  <link rel="openid2.local_id" href="https://strk.kbt.io/openid/" />
</HEAD>

from php-openid.

The built regexp attempting to find that head block is this:

re:/<head\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?(?:head|body|html)\s*>|\Z))/si

from php-openid.

Commenting out the $match = $match[0] line in function match around line 218 of Auth/OpenID/Parse.php fixes this case.

from php-openid.

Sorry I was wrong, the actual fix is to always use preg_match rather than using mb_ereg_search after stripping flags (which is what makes that regexp case-sensitive).

So, what's the rationale to prefer mb_ereg_search over preg_match ?

from php-openid.

and the $match = $match[0] line needs to go away when preg_match is used...

from php-openid.

@pfefferle here you can find the testcase if you want to give it a try

from php-openid.