YIhad / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

OAuth POST request combines parameters from original server request with parameters being sent via oauth for Oauth consumers #130

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. POST data to your server 
2. In that request to your server create an oauth request that is also a post 
request.
3. The parameters from the POST body to your server will be passed on in your 
oauth request

What is the expected output? What do you see instead?

Only parameters passed to the new request should be sent

What version of the product are you using? On what operating system?

Latest from SVN. OSX

Please provide any additional information below.

The problem is caused when getRequestBody is called since it reads from 
php://input. This would be desired behaviour for an OAuth provider but not for 
a OAuth Consumer. Because OAuthRequester is ultimately a subclass of 
OAuthRequest the request becomes jumbled.

Line 130 in OAuthRequest.php is where the method is called
Lines 114 - 141 are of interest. It looks like the same issue could occur with 
a PUT request.

Original issue reported on code.google.com by glademil...@gmail.com on 5 Dec 2012 at 8:17

GoogleCodeExporter commented 9 years ago
Looks like this is a duplicate of 66

Original comment by glademil...@gmail.com on 5 Dec 2012 at 8:19