Hi Bruno, I've added you to the repository so you can commit this change. It's true that we haven't developed a good process for code review and submitting patches. There have been a few language-specific mailing lists that have spun off and are making changes, however -- though none for PHP yet.
Chris On Wed, Jan 14, 2009 at 3:56 AM, Bruno Pedro <[email protected]> wrote: > Hi, > > I just found out that this bug, along with other stuff, has already been > fixed by Joseph Smarr on 11/24: > http://groups.google.com/group/oauth/msg/0502f3682ac12c64 > > Who's reviewing the patches? This is somehow urgent because it will break > every consumer implementation that tries to use the Authorization header. > According to > http://code.google.com/p/oauth/source/browse/code/php/OAuth.php latest > revision is from July 2008. > > If you give me commit privileges I can do that myself. > > Thanks, > > Bruno Pedro > > > > On Wed, Jan 14, 2009 at 10:57 AM, Bruno Pedro <[email protected]> wrote: > >> Hi all, >> >> I've been trying to do multipart/form-data POSTs to an OAuth API and in >> order to be successful I must do the following: >> >> *2-* generate the OAuth signature *without* considering the payload; >> >> *2-* send the Authorization HTTP header containing the result of the >> OAuthRequest::to_header(); >> >> *3-* send the payload using multipart/form-data using curl with >> curl_setopt($ch, CURLOPT_POSTFIELDS, $params), where $params is an array. >> >> It turns out that the OAuthRequest::to_header() function has (small) a >> bug: >> >> *-* line 368 of http://oauth.googlecode.com/svn/code/php/OAuth.php should >> read: >> >> $out ='Authorization: OAuth realm="' . $realm . '",'; >> >> instead of >> >> $out ='"Authorization: OAuth realm="' . $realm . '",'; >> >> (there's an extra double quote on the original script) >> >> I'm attaching a patch that should be applied ASAP because this issue >> affects anyone who's trying to do multipart/form-data POSTs to OAuth APIs. >> >> Cheers, >> >> Bruno Pedro >> > > > > > -- Chris Messina Citizen-Participant & Open Web Advocate-at-Large factoryjoe.com # diso-project.org citizenagency.com # vidoop.com This email is: [ ] bloggable [X] ask first [ ] private --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
