Index: typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php
===================================================================
--- typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php (revision 7119)
+++ typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php (working copy)
@@ -957,7 +957,11 @@
 }
 
 if (!$assoc->checkMessageSignature($message)) {
- return new Auth_OpenID_FailureResponse(null,
+ // If we get a "bad signature" here, it means that the association
+ // is unrecoverabley corrupted in some way. Any futher attempts
+ // to login with this association is likely to fail. Drop it.
+ $this->store->removeAssociation($server_url, $assoc_handle);
+ return new Auth_OpenID_FailureResponse(null,
 "Bad signature");
 }
 } else {
Index: typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch
===================================================================
--- typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch (revision 7119)
+++ typo3/sysext/openid/lib/php-openid/php-openid-typo3.patch (working copy)
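Review bot: The new `$this->store->removeAssociation($server_url, $assoc_handle);` runs on every signature mismatch, but a mismatch also occurs when a tampered or forged response merely names a valid handle, so any party able to deliver such a response to the return URL can evict a healthy association and force the consumer to renegotiate (presumably via the stateless check_authentication path) on the next login; that is a nuisance rather than a bypass, but the comment's premise that the association itself must be corrupt does not hold. If the drop is kept, the comment should state that a forged message triggers it too, and a log line naming the dropped handle would make such evictions observable in operations. The comment also has typos: `unrecoverabley` → `unrecoverably`, `futher` → `further`, and `attempts ... is likely` → `attempts ... are likely`. Whether `$server_url` and `$assoc_handle` are in scope at this point cannot be checked from the hunk; the enclosing function starts and ends outside it.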
@@ -41,3 +41,21 @@ curl_exec($c); $code = curl_getinfo($c, CURLINFO_HTTP_CODE); +Index: typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php +=================================================================== +--- typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php (revision 7119) ++++ typo3/sysext/openid/lib/php-openid/Auth/OpenID/Consumer.php (working copy) +@@ -957,7 +957,11 @@ + } + + if (!$assoc->checkMessageSignature($message)) { +- return new Auth_OpenID_FailureResponse(null, ++ // If we get a "bad signature" here, it means that the association ++ // is unrecoverabley corrupted in some way. Any futher attempts ++ // to login with this association is likely to fail. Drop it. ++ $this->store->removeAssociation($server_url, $assoc_handle); ++ return new Auth_OpenID_FailureResponse(null, + "Bad signature"); + } + } else { + Index: typo3/sysext/openid/sv1/class.tx_openid_store.php =================================================================== --- typo3/sysext/openid/sv1/class.tx_openid_store.php (revision 7119) +++ typo3/sysext/openid/sv1/class.tx_openid_store.php (working copy) @@ -102,8 +102,13 @@ $result = null; if (is_array($row)) { - $result = @unserialize($row['content']); - $this->updateAssociationTimeStamp($row['tstamp']); + $result = @unserialize(base64_decode($row['content'])); + if ($result === false) { + $result = null; + } + else { + $this->updateAssociationTimeStamp($row['tstamp']); + } } return $result; } @@ -201,7 +206,7 @@ time()); $serializedAssociation = serialize($association); $values = array( - 'content' => $serializedAssociation, + 'content' => base64_encode($serializedAssociation), 'tstamp' => time(), ); $GLOBALS['TYPO3_DB']->exec_UPDATEquery(self::ASSOCIATION_TABLE_NAME, $where, $values); 
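Review bot: In the @@ -102 hunk of class.tx_openid_store.php, when `@unserialize(base64_decode($row['content']))` yields `false` the row is reported as missing but left in the table, so every later lookup for that handle repeats the failed decode; deleting the row (or at least logging the handle) in the `false` branch would make the corruption visible and let the caller re-associate cleanly. `base64_decode` is called without its strict flag, so pre-migration rows holding raw serialized data are handed to `unserialize` as garbage bytes instead of being rejected up front; `base64_decode($row['content'], true)` with its own `=== false` check is cheaper and clearer about why a row is discarded. The `@` suppression hides the unserialize notice entirely; where the PHP version in use allows it, `unserialize(..., ['allowed_classes' => [...]])` would also restrict what the stored blob can instantiate. The enclosing method starts outside the hunk.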
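Review bot: In the @@ -201 hunk, the encode step `'content' => base64_encode($serializedAssociation),` is now duplicated with the @@ -218 hunk of the same file, while the matching decode lives in the @@ -102 hunk; a pair of private helpers such as `encodeAssociation()` / `decodeAssociation()` would keep the two sides from drifting apart. base64 also expands the payload by a third, so if the `content` column has a fixed width in the table definition (not visible here) it may need widening for this to round-trip. Both enclosing methods start outside their hunks.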
@@ -218,7 +223,7 @@
 $serializedAssociation = serialize($association);
 $values = array(
 'assoc_handle' => $association->handle,
- 'content' => $serializedAssociation,
+ 'content' => base64_encode($serializedAssociation),
 'crdate' => $association->issued,
 'tstamp' => time(),
 'expires' => $association->issued + $association->lifetime - self::ASSOCIATION_EXPIRATION_SAFETY_INTERVAL,