scream78 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Ampersands in signatures double encoded when making POST OAuth calls #49

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Make a PLAINTEXT OAuth call with the OAuth parameters in the POST body.

What is the expected output? What do you see instead?

Ampersands in the oauth_signature POST parameter should be encoded just
once (%26). Instead they're double encoded (%2526), causing problems with
some service providers.

What version of the product are you using? On what operating system?

r678 of OAuth.php

Please provide any additional information below.

The following diff to OAuthSignatureMethod_PLAINTEXT::build_signature()
appears to remedy the issue, however I haven't tested it extensively to see
if it causes issues in other parts of the code:

-     return OAuthUtil::urlencodeRFC3986($raw);
+     return $raw;

Original issue reported on code.google.com by rcken...@gmail.com on 10 Oct 2008 at 10:41

GoogleCodeExporter commented 9 years ago

Original comment by jmkrist...@gmail.com on 22 Oct 2008 at 5:21

GoogleCodeExporter commented 9 years ago

Original comment by morten.f...@gmail.com on 18 May 2009 at 6:07

GoogleCodeExporter commented 9 years ago
This is indeed correct. The PLAINTEXT signature method returns the signature 
urlencoded, and all the 
serialize-methods (to_header, to_url, to_postdata) performs urlencoding once 
more. 

I have updated the Unittest to test both the output from the signature-method 
as well as after serialization so 
it's tested that the final output will only be encoded once..

I will commit updated code, along with the unit-tests, withing the next couple 
of days..

-Morten

Original comment by morten.f...@gmail.com on 21 May 2009 at 8:57

GoogleCodeExporter commented 9 years ago
Did this ever get fixed?  I'm having problems with POST's failing.

Original comment by kennw...@gmail.com on 9 Oct 2009 at 11:08

GoogleCodeExporter commented 9 years ago
#4: There is a patch which solves it, hasn't made it into SVN.. When I get the 
time I will make sure it makes it's 
way to the official repo.. Sorry, I've been preoccupied with other duties.. 

Original comment by morten.f...@gmail.com on 10 Oct 2009 at 6:42

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r1163.

Original comment by morten.f...@gmail.com on 5 Jan 2010 at 11:30