Auth_OpenID_Parse fails to find link attributes in HTML with uppercase HEAD tag

[strk]

Offending HTML:

<HTML>
<HEAD>
    <TITLE>strk's publications</TITLE>
        <link rel="stylesheet"
     href="style.css" type="text/css">




  <link rel="openid2.provider" href="https://id.xxx.io/" />
  <link rel="openid2.local_id" href="https://strk.xxx.io/openid/" />

</HEAD>
<BODY BGCOLOR="#FFFFFF">

The Auth_OpenID_Parse's parseLinkAttrs returns empty when passed that HTML.
Why not using DOM rather than regexps in that function ?

[strk]

Lowercasing the <head> tags (open and closed) seems to fix the parsing, which is weird because the regexp used to parse ends with a /si flags

[strk]

Actually lowercasing just the first is enough.
This is with PHP 5.6.19-0+deb8u1

[strk]

from #PHP IRC channel on Freenode:

18:17 <@TML> strk: But an XPath would be so much easier: $dom = new DOMDocument();
             $dom->loadHTML($data); $xpath = new DOMXPath($dom); $head =
             $xpath->query('//head')->items(0);

[strk]

I restricted the input further.
This does not work:

<HTML>
<HEAD>  
  <link rel="openid2.provider" href="https://id.kbt.io/" />
  <link rel="openid2.local_id" href="https://strk.kbt.io/openid/" />
</HEAD>

While this works:

<HTML>
<head>  
  <link rel="openid2.provider" href="https://id.kbt.io/" />
  <link rel="openid2.local_id" href="https://strk.kbt.io/openid/" />
</HEAD>

[strk]

The built regexp attempting to find that head block is this:

re:/<head\b(?!:)([^>]*?)(?:\/>|>(.*)(?:<\/?(?:head|body|html)\s*>|\Z))/si

[strk]

Commenting out the $match = $match[0] line in function match around line 218 of Auth/OpenID/Parse.php fixes this case.

[strk]

Sorry I was wrong, the actual fix is to always use preg_match rather than using mb_ereg_search after stripping flags (which is what makes that regexp case-sensitive).

So, what's the rationale to prefer mb_ereg_search over preg_match ?

[strk]

and the $match = $match[0] line needs to go away when preg_match is used...

[strk]

@pfefferle here you can find the testcase if you want to give it a try