search

germanzero / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

Redirect for non-http(s) schemes is always forbidden(even if manually allowed) #110

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?

1. Setting the OAuth Server options to allow all URI schemes
   $options = array(
         'allowed_uri_schemes' => array(),
         'disallowed_uri_schemes' => array()
         );

2. Redirect the OAuth callback to a non-http(s) URI
3.

What is the expected output? What do you see instead?
Expected: A normal working redirect.

Instead: throwing OAuthException2('Illegal protocol in redirect uri '.$uri);

What version of the product are you using? On what operating system?
Latest, 175.

OAuthRequester.php in function redirect() is checking for hardcoded 'http' and 
'https' strings. This fails for URIs not using these schemes resulting in a not 
working redirect despite setting the allowed URI schemes.

Original issue reported on code.google.com by matthias...@gmail.com on 12 May 2011 at 12:53