[
https://issues.apache.org/jira/browse/SHINDIG-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805865#action_12805865
]
Thiago Arrais commented on SHINDIG-1274:
----------------------------------------
I tried to chase down the origins of Shindig's OAuth.php, but couldn't be sure
that it came from OAuth PHP. I agree that it would be easier to upgrade to the
latest version if that one fixes this bug (and if it doesn't, this patch really
belongs there). There is the fix to SingingFetcher that is Shinding specific,
though.
Query strings like that were not tested.
> Wrong signature for requests with arrays in query string
> --------------------------------------------------------
>
> Key: SHINDIG-1274
> URL: https://issues.apache.org/jira/browse/SHINDIG-1274
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Reporter: Thiago Arrais
> Attachments:
> fix-1247-adds.support.for.array.parameters.in.signed.request.patch
>
>
> Shindig does not correctly sign requests with arrays in the query string. The
> problem is in encoding arrays into the OAuth signature base string. When it
> receives something like
> http://example.com/resource?array%5B%5D=5&array%5B%5D=9&array%5B%5D=13
> the basestring includes "array%3D5%26array%3D9%26array%3D13", not
> "array%255B%255D%3D5%26array%255B%255D%3D9%26array%255B%255D%3D13" as it
> should.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
