Hi, I just found out that this bug, along with other stuff, has already been fixed by Joseph Smarr on 11/24: http://groups.google.com/group/oauth/msg/0502f3682ac12c64
Who's reviewing the patches? This is somehow urgent because it will break every consumer implementation that tries to use the Authorization header. According to http://code.google.com/p/oauth/source/browse/code/php/OAuth.phplatest revision is from July 2008. If you give me commit privileges I can do that myself. Thanks, Bruno Pedro On Wed, Jan 14, 2009 at 10:57 AM, Bruno Pedro <[email protected]> wrote: > Hi all, > > I've been trying to do multipart/form-data POSTs to an OAuth API and in > order to be successful I must do the following: > > *2-* generate the OAuth signature *without* considering the payload; > > *2-* send the Authorization HTTP header containing the result of the > OAuthRequest::to_header(); > > *3-* send the payload using multipart/form-data using curl with > curl_setopt($ch, CURLOPT_POSTFIELDS, $params), where $params is an array. > > It turns out that the OAuthRequest::to_header() function has (small) a bug: > > *-* line 368 of http://oauth.googlecode.com/svn/code/php/OAuth.php should > read: > > $out ='Authorization: OAuth realm="' . $realm . '",'; > > instead of > > $out ='"Authorization: OAuth realm="' . $realm . '",'; > > (there's an extra double quote on the original script) > > I'm attaching a patch that should be applied ASAP because this issue > affects anyone who's trying to do multipart/form-data POSTs to OAuth APIs. > > Cheers, > > Bruno Pedro > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
