Edit report at https://bugs.php.net/bug.php?id=60252&edit=1
ID: 60252
Comment by: hubert at muchlearning dot org
Reported by: ahmad at codeinchaos dot com
Summary: Signature issues with none-standard HTTP Methods
Status: Open
Type: Bug
Package: oauth
Operating System: Ubuntu/Linux
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
Related, but not exactly the same issue: there also seems to be errors when
verifying the signature when there is more than one parameter with the same
name, or if array parameters are sent (e.g. parameters of the form
"foo[0]=bar", presumably because it is looking at $_POST instead of looking at
the raw POST data.
Previous Comments:
------------------------------------------------------------------------
[2011-11-09 18:29:31] ahmad at codeinchaos dot com
Description:
------------
I could be wrong in my understanding of oAuth 1.0a ... so I'm sorry if the
following does not apply:
the extension doesn't seem to be able to sign requests with a custom HTTP
Method
(verb) with a payload ...
ex:
curl -iH "Authorization: OAuth {PARAMS-HERE}" -d
"value1=foo&value2=foo2&value3=foo3 -X LINK http://domain.tld/api
signature always fails, because the extension does not grab the payload for
none
POST requests.
Expected result:
----------------
the oaugh signature should always use the payload body params regardless of the
HTTP Method.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60252&edit=1
