cannot view protected user's status in oauth mode

ashishkranjan / dabr

Automatically exported from code.google.com/p/dabr

0 stars 0 forks source link

cannot view protected user's status in oauth mode #81

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What are the steps to trigger the problem?
1) login using oauth
2) view protected user's status ( http://BASE_URL/status/status_id)

What happened?
403 error

What did you expect to happen?
I can view my friend's status even he protected himself

Original issue reported on code.google.com by cnye...@gmail.com on 8 Nov 2009 at 12:20

GoogleCodeExporter commented 9 years ago

This is because $_GLOBALS['user'] is empty when calling twitter_process in 
oauth mode.

Quick fix:
add these code in the beginning of function twitter_process

      if (!isset($GLOBALS['user'])) {
          if(array_key_exists('USER_AUTH', $_COOKIE)) {
              _user_decrypt_cookie($_COOKIE['USER_AUTH']);
          } else {
              $GLOBALS['user'] = array();
          }
      }

These code is from function user_is_authenticated.

Original comment by cnye...@gmail.com on 16 Nov 2009 at 1:21

GoogleCodeExporter commented 9 years ago

Security setting fixed in r245

Original comment by david.carrington on 16 Nov 2009 at 1:33

Changed state: Fixed