Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.currently our site users are getting the following warning messages whenever they log in using the openid identity associated with their established site accounts - the warnings are only occurring when securepages is enabled, and do not interfere with login, but they are alarming our site visitors. :) we've taken a look at the lines referenced in the warning and have been unable to determine the problem. does anyone have an idea about how we can resolve this?
* warning: parse_url(/openid/authenticate?destination=user&openid.mode=id_res&openid.claimed_id=
http://general_jinjur.livejournal.com/&openid.identity=http://general_jinjur.livejournal.com/&openid.return_to=
http://testdrupal.transformativeworks.org/openid/authenticate%3Fdestination%3Duser&openid.response_nonce=
2009-04-01T02:11:17ZjOOCPb&openid.assoc_handle=1238184602:LdaiyoTGcFsFqt77SzIP:3c684f0fa8&openid.ns=
http://openid.net/signon/1.0&openid.signed=mode,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=
s1ckUTbK2/bLKWOSHJQVRhgR8mU%3D) [function.parse-url]: Unable to parse URL in /var/www/drupal/sites/all/modules/securepages/securepages.module on line 451.
* warning: extract() [function.extract]: First argument should be an array in /var/www/drupal/sites/all/modules/securepages/securepages.module on line 451.
* warning: parse_url(/openid/authenticate?destination=user&openid.mode=id_res&openid.claimed_id=
http://general_jinjur.livejournal.com/&openid.identity=http://general_jinjur.livejournal.com/&openid.return_to=
http://testdrupal.transformativeworks.org/openid/authenticate%3Fdestination%3Duser&openid.response_nonce=
2009-04-01T02:11:17ZjOOCPb&openid.assoc_handle=1238184602:LdaiyoTGcFsFqt77SzIP:3c684f0fa8&openid.ns=
http://openid.net/signon/1.0&openid.signed=mode,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=
s1ckUTbK2/bLKWOSHJQVRhgR8mU%3D) [function.parse-url]: Unable to parse URL in /var/www/drupal/sites/all/modules/securepages/securepages.module on line 95.
* warning: extract() [function.extract]: First argument should be an array in /var/www/drupal/sites/all/modules/securepages/securepages.module on line 95.
Comments
Comment #1
grendzy commentedI think the problem is that ':' isn't a valid character in a URL. They should be escaped with %3A. Could this be a bug in the OpenID module? I'm thinking someone forget to call drupal_urlencode().
Although, it would be nice if securepages checked the return value of parse_url. I'm also not clear on why extract() is used at all. Getting the array parts the normal way (e.g. $url['query']) seems better to me.
Comment #2
grendzy commentedjinjur: one other suggestion — you can disable on-screen error displays at /admin/settings/error-reporting.
Comment #3
markDrupal commentedThis error was showing up in our error logs as well
parse_url returns false when the URL is invalid, so maybe we could change line 95 to get rid of the extract error; change from
to
Comment #4
grendzy commentedIMHO, extract() should not be used at all in this context, because it's an example of the action at a distance anti-pattern. Using the hash returned by parse_url() directly would be better.
Comment #5
jinjur commentedgrendzy - thanks! not sure how i missed seeing just not displaying the error as an option. :)
i'll look at line 95 some more and see if i can make something work. thanks all for looking at this.
Comment #6
johnalbinI was seeing this with 6.x-1.7 and malformed URLs used by script kiddies.
Looks like the warnings are now suppressed in code as of 6.x-1.8. Shall we close?