Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
[Solved] [GitHub Bug #907] OpenID broken for months

Even on this site.
I want to draw attention to GitHub Bug #907
Many of us are reliant on openid, this seem to be a conflict with recent authentication code.
It is not to do with the lightopenid code as far as I cans see. I have used the existing version and the curl version and they both validate (some minor changes are need for shared hosting but that is expected).
I wonder if it is to do with the postback.
I want to draw attention to GitHub Bug #907
Many of us are reliant on openid, this seem to be a conflict with recent authentication code.
It is not to do with the lightopenid code as far as I cans see. I have used the existing version and the curl version and they both validate (some minor changes are need for shared hosting but that is expected).
I wonder if it is to do with the postback.
grep is your friend.
Tagged:
0
Comments
I recommended in the next update that you use the curl version of LightOpenID, there is no good reason to use f* based transfers. There is a little modification that makes is shared hosting friendly.
I think the twitter, or another authenticator used curl for everything except to get the credentials, bit of a waste.
grep is your friend.
Once openid is validated. It needs to be carried over the various stages. Otherwise you end up going round in circles, it can't be validated twice.
grep is your friend.
grep is your friend.