What steps will reproduce the problem?
1. Do oauth verification etc
2. Validate connections are correct
3. Do a request on an URL with a request parameter (other then 'oauth_<xx>')
4. Above request signature is conform spec 9.1.2, so without the extra request
param
What is the expected output? What do you see instead?
oAuth request class will be called ('get_signable_parameters') and this does
next to the correct signable params, also return the extra param, whilst this
should be stripped
--Possible fix (OAuth.php:363) --
Add code:
// Ref: Spec: 9.1.2 ("The URL used in the Signature Base String MUST include the scheme, authority,
// and path, and MUST exclude the uery ")
foreach ($params as $param => $value) {
if (strpos($param, 'oauth_') !== 0) {
unset($params[$param]);
}
}
Original issue reported on code.google.com by marcelva...@gmail.com on 26 Sep 2011 at 8:45
Original issue reported on code.google.com by
marcelva...@gmail.comon 26 Sep 2011 at 8:45