joker-b / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

PHP Library filters out content-type header when not running on an apache #142

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When not running on an apache server the get_headers method in the PHP
OAuth library only returns headers which start with "HTTP_", but filters
out all additional headers like "Content-Type" which is expected in the
OAuthRequest::from_request method.
This results in an invalid Signature because the POST parameters are not
included.

To fix this, the get_headers method could be changed like this:

  /**
   * helper to try to sort out headers for people who aren't running apache
   */
  private static function get_headers() {
    if (function_exists('apache_request_headers')) {
      // we need this to get the actual Authorization: header
      // because apache tends to tell us it doesn't exist
      return apache_request_headers();
    }
    // otherwise we don't have apache and are just going to have to hope
    // that $_SERVER actually contains what we need
    $out = array();
    foreach ($_SERVER as $key => $value) {
      if (substr($key, 0, 5) == "HTTP_") {
        $key = substr($key, 5);
      }
      // this is chaos, basically it is just there to capitalize the first
      // letter of every word that is not an initial HTTP and strip HTTP
      // code from przemek
      $key = str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ",
$key))));
      $out[$key] = $value;
    }
    return $out;
  }

Original issue reported on code.google.com by bashofm...@gmail.com on 25 Jan 2010 at 9:59

GoogleCodeExporter commented 9 years ago

Original comment by morten.f...@gmail.com on 17 Feb 2010 at 4:49

GoogleCodeExporter commented 9 years ago
Fixed in revision r1170. Didn't change it the way you purposed because I didn't 
want to import the entire 
$_SERVER superglobal as it contains quite a bit more than headers. Only added a 
special case for 
CONTENT_TYPE.

Please verify issue.

Original comment by morten.f...@gmail.com on 1 Mar 2010 at 7:06