iovzt / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

OAuthStoreSQL->addServerToken() does not consider $user_id when fetching $ocr_id #80

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
addServerToken() looks for the appropriate ocr_id from oauth_consumer_registry 
when adding a server token to oauth_consumer_token. 

However, since it only filters by ocr_consumer_key without additionally 
filtering by ocr_usa_id_ref, and since there can technically be multiple rows 
in oauth_consumer_registry with the same ocr_consumer_key, it can fetch the 
wrong ocr_id.

That code should be:

$ocr_id = $this->query_one('
  SELECT ocr_id
  FROM oauth_consumer_registry
  WHERE ocr_consumer_key = \'%s\' AND ocr_usa_id_ref = %d
  ', $consumer_key, $user_id); 

Original issue reported on code.google.com by timtrini...@gmail.com on 12 Nov 2010 at 8:09

GoogleCodeExporter commented 8 years ago
The code already looks like this... Did you post the correct patch? Are you 
using the latest version?

Original comment by brunobg%...@gtempaccount.com on 17 Nov 2010 at 5:14

GoogleCodeExporter commented 8 years ago
Whoops - you're right. This is a duplicate of issue 27 and was fixed in r120.

Original comment by timtrini...@gmail.com on 23 Nov 2010 at 5:43

GoogleCodeExporter commented 8 years ago

Original comment by brunobg%...@gtempaccount.com on 23 Nov 2010 at 5:44