bencorlett
commented
4 years ago I have opened a PR to fix this in V1! I'm fairly sure the (unreleased) V2 does not suffer from this but I will also add a test to confirm.
Closed wgnann closed 4 years ago
bencorlett
commented
4 years ago I have opened a PR to fix this in V1! I'm fairly sure the (unreleased) V2 does not suffer from this but I will also add a test to confirm.
bencorlett
commented
4 years ago Yep, v2 is not affected. I've added tests to prove the functionality works.
Thank you very much for the bug report!
https://github.com/thephpleague/oauth1-client/blob/3a68155c3f27a91f4b66a2dc03996cd6f3281c9f/src/Signature/EncodesUrl.php#L37
Since
$url->getHost()returns only the IP/DNS, a path likehttps://example.org:8080/oauthis signed ashttps://example.org/oauth, voiding the hash.Thank you!