[horde] H6 bug: verifySignedUrl

J.M. Stoorvogel jmstoorvogel at stoorvogelsoftware.nl
Thu Feb 20 08:56:46 UTC 2025


Quoting Torben Dannhauer <torben at dannhauer.info>:

> Hi,
>
> The function verifySignedUrl($data, now = null) is a troublemaker in H6.
>
> This function seems to expect a string, but this works only as  
> expected in fresh logins.
>
> If you switch to another WiFi and then try to open another app in  
> horde, the verification is triggered (makes sense). Unfortunately  
> this time the passed data to the verification function is an array  
> instead.
> It seems the url array is taken from horde  
> $injector->getInstance('Horde_Variables');
>
> What is the desired approach?
> a) Should we ensure it is always called as string and then
> restructure all callers, or
> b) should we make the function itself instead more resilient. This  
> is a bit tricky as the lifetime is included in the hash.
>
> Thanks,
> Torben
>
>
> Sent from mobile

This issue (not accepting arrays of strings) is/was seen in different
parts in the codebase. It's a result of the restructuring of PHP from
a weakly typed language to less weakly typed. In its process it wrecks
old code.

I would highly recommend extending Horde's base functions to be less
dependent on PHP and its quirks and therefore write a new function
whenever these issues are encountered.

If it's already a Horde function, then adjusting the function would be  
the way to go I suppose.

Adjusting one function seems way less work than adjusting all contexts  
in which it's called.
-- 
Kind regards,

J.M. Stoorvogel
06-23352273
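
The option of making one function accept both input shapes, as an added example that is not Horde's code and not written by either poster: signer and verifier share one canonical form, so a raw query string and an already-parsed array verify identically, and the timestamp stays covered by the MAC. The function names, the `_t`/`_h` parameter names, the key and the 300-second lifetime are assumptions; it needs PHP 8 for the `mixed` type.

```php
<?php
declare(strict_types=1);

// All names here are hypothetical; the key is a constructed sample value.
const DEMO_KEY = 'constructed-demo-key';
const LIFETIME = 300; // assumed validity window in seconds

/** Canonical form shared by signer and verifier: sorted keys, RFC 3986. */
function canonicalQuery(array $params): string
{
    ksort($params, SORT_STRING);
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function signParams(array $params, int $now): array
{
    $params['_t'] = (string) $now; // timestamp is covered by the MAC
    $params['_h'] = hash_hmac('sha256', canonicalQuery($params), DEMO_KEY);
    return $params;
}

/** Accepts a raw query string or an already-parsed array; fails closed. */
function verifySigned(mixed $data, ?int $now = null): bool
{
    $now ??= time();
    if (is_string($data)) {
        parse_str($data, $parsed); // string path converges on the array path
        $data = $parsed;
    }
    // Reject other types and non-string values such as nested arrays (a[]=1).
    if (!is_array($data) || $data !== array_filter($data, 'is_string')) {
        return false;
    }
    if (!isset($data['_h'], $data['_t']) || !ctype_digit($data['_t'])) {
        return false;
    }
    $mac = $data['_h'];
    unset($data['_h']);
    $age = $now - (int) $data['_t'];
    if ($age < 0 || $age > LIFETIME) {
        return false; // dated in the future, or expired
    }
    return hash_equals(hash_hmac('sha256', canonicalQuery($data), DEMO_KEY), $mac);
}

// Constructed sample input: array form, string form, tampered, expired.
$signed = signParams(['app' => 'imp', 'page' => 'mailbox'], 1000);
var_dump(verifySigned($signed, 1100));
var_dump(verifySigned(http_build_query($signed), 1100));
var_dump(verifySigned(['page' => 'x'] + $signed, 1100));
var_dump(verifySigned($signed, 2000));
```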