danprime / oauth

Automatically exported from code.google.com/p/oauth

[php] - Patch: Issues with duplicate request parameters and escape brackets #100

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
1) If you have a request with "a=1&a=2" as the request parameters, the
contents of $_GET and $_POST will only see a=2

Section 9.1.1 of the OAuth spec states "If two or more parameters share
the same name, they are sorted by their value"

-> To fix this, I have introduced the function
OAuthUtil::oauth_parse_string to parse the raw request parameters. This
function ensures that duplicate parameters are not stripped.
   Example usage:  
       Instead of $_POST, you can use
       OAuthUtil::oauth_parse_string(file_get_contents('php://input'));

       Instead of $_GET, you can use
       OAuthUtil::oauth_parse_string($_SERVER["QUERY_STRING"]);

2) With the latest version of OAuth.php, if you have "a[]=1&a[]=2" in the
query string, the function get_signable_parameters() will return "a=1&a=2"
which is incorrect because "[" and "]" should be escaped. 

I have attached a patch to fix these issues.

Thanks,
Chirag Shah

Original issue reported on code.google.com by chiragsh...@gmail.com on 15 Apr 2009 at 6:23
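
Added example, not part of the original issue or the attached patch: a PHP sketch of the two behaviours reported above, showing what PHP's own parsing yields next to a normalized parameter string built from the raw request. The function names (enc, parse_raw_params, normalized_params) are hypothetical and the sample query strings are constructed; this is not the library's OAuthUtil code.

```php
<?php
// Added illustration. All function names here are hypothetical, not OAuth.php's API.

// Percent-encode as OAuth 1.0 requires: RFC 3986 unreserved characters stay literal.
function enc(string $s): string {
    return str_replace('%7E', '~', rawurlencode($s));
}

// Split a raw query string or form body into [name, value] pairs, keeping
// every occurrence of a repeated name and keeping "[]" as part of the name.
function parse_raw_params(string $raw): array {
    $pairs = [];
    foreach (explode('&', $raw) as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        $pairs[] = [urldecode($kv[0]), urldecode($kv[1] ?? '')];
    }
    return $pairs;
}

// Normalized parameter string for the signature base string (spec section 9.1.1):
// drop oauth_signature, encode, sort by name, then by value for equal names.
function normalized_params(array $pairs): string {
    $encoded = [];
    foreach ($pairs as [$name, $value]) {
        if ($name !== 'oauth_signature') {
            $encoded[] = [enc($name), enc($value)];
        }
    }
    usort($encoded, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    return implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $encoded));
}

// Constructed sample inputs matching the two cases in the report.
foreach (['a=2&a=1', 'a[]=1&a[]=2'] as $raw) {
    parse_str($raw, $phpView);   // what $_GET / $_POST would contain
    echo "raw:        $raw\n";
    echo "PHP array:  ", json_encode($phpView), "\n";
    echo "normalized: ", normalized_params(parse_raw_params($raw)), "\n\n";
}
```

A server that verifies signatures from the PHP array view instead of the raw request computes a different base string than the client signed, so legitimate requests with repeated or bracketed names fail verification.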


GoogleCodeExporter commented 8 years ago
I have incorporated a lot of your proposed changes as well with a few of my own 
on /branches/fangel-chiragshah1..

You can do a code-review here:
http://code.google.com/p/oauth/source/branch?spec=issue104

Original comment by morten.f...@gmail.com on 16 May 2009 at 2:50

GoogleCodeExporter commented 8 years ago
(Sorry, "Started" is a better status)

Original comment by morten.f...@gmail.com on 16 May 2009 at 2:52

GoogleCodeExporter commented 8 years ago
The changes have been reviewed by termie, and have been merged into the main 
library. Could you verify this fixes your issues?

Original comment by morten.f...@gmail.com on 18 May 2009 at 6:02