You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This subject has been discussed several times before, but the current solution is not correct yet for POST requests.
The situation:
I'm updating a WP record which includes a URL post field like:
url=http://siteurl.com/page?key=xxxyyy%3D (the string '%3D' needs to be preserved)
However when it passes through the normalize_parameters function it creates the following data:
Array
(
[url] => http%3A%2F%2Fsiteurl.com%2Fpage%3Fkey%3Dxxxyyy%3D
)
Conclusion:
For POST data, the normalize_function should NOT rawurldecode the parameters as this is changing the incoming data hence the Oauth1 signature will not match anymore.
The text was updated successfully, but these errors were encountered:
I can confirm that #92 (when manually merged) is a fix for this issue. The merge is available on https://github.com/drsdre/OAuth1. If the authors of this plugin want, I can create a pull request.
The file name changed in that pull request does not even exist any more in the current version (which has been working fine for me for all OAuth requests and uploads for a long time now).
This subject has been discussed several times before, but the current solution is not correct yet for POST requests.
The situation:
I'm updating a WP record which includes a URL post field like:
url=http://siteurl.com/page?key=xxxyyy%3D (the string '%3D' needs to be preserved)
When the Oauth1 plugin processes the data, it receives the following post data:
Array
(
[url] => http://siteurl.com/page?key=xxxyyy%3D
)
However when it passes through the normalize_parameters function it creates the following data:
Array
(
[url] => http%3A%2F%2Fsiteurl.com%2Fpage%3Fkey%3Dxxxyyy%3D
)
(this decodes back into http://siteurl.com/page?key=xxxyyy= (instead of %3D).
Expected is:
Array
(
[url] => http%3A%2F%2Fsiteurl.com%2Fpage%3Fkey%3Dxxxyyy%253D
)
(this decodes back into http://siteurl.com/page?key=xxxyyy%3D).
Conclusion:
For POST data, the normalize_function should NOT rawurldecode the parameters as this is changing the incoming data hence the Oauth1 signature will not match anymore.
The text was updated successfully, but these errors were encountered: