xrds_parse | xrds.inc | Drupal 6

Main entry point for parsing XRDS documents

1 call to xrds_parse()

openid_discovery in modules/openid/openid.module: Perform discovery on a claimed ID to determine the OpenID provider endpoint.

File

modules/openid/xrds.inc, line 11

Code

function xrds_parse($xml) {
  global $xrds_services;
  $parser = xml_parser_create_ns();
  xml_set_element_handler($parser, '_xrds_element_start', '_xrds_element_end');
  xml_set_character_data_handler($parser, '_xrds_cdata');

  // Since DOCTYPE declarations from an untrusted source could be malicious, we
  // stop parsing here and treat the XML as invalid. XRDS documents do not
  // require, and are not expected to have, a DOCTYPE.
  if (preg_match('/<!DOCTYPE/i', $xml)) {
    return array();
  }

  // Also stop parsing if there is an unreasonably large number of tags.
  // substr_count() has much better performance (compared to preg_match_all())
  // for large payloads but is less accurate, so we check for twice the desired
  // number of allowed tags (to take into account opening/closing tags as well
  // as false positives).
  if (substr_count($xml, '<') > 2 * variable_get('openid_xrds_maximum_tag_count', 30000)) {
    return array();
  }
  xml_parse($parser, $xml);
  xml_parser_free($parser);
  return $xrds_services;
}

function xrds_parse

File

Code

Search Drupal 6

News items

Our community

Documentation

Drupal code base

Governance of community