fix: validate claimed id in auth handler

Author: rumblefrog

web/includes/auth/handler/SteamAuthHandler.php

@@ -25,6 +25,10 @@ private function login()
     private function validate()
     {
         $pattern = "/^https:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
+
+        if (!preg_match($pattern, $this->openid->claimed_id))
+            return false;
+
         preg_match($pattern, $this->openid->identity, $match);
 
         return (!empty($match[1])) ? $match[1] : false;