shindig-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thiago Arrais (JIRA)" <>
Subject [jira] Updated: (SHINDIG-1274) Wrong signature for requests with arrays in query string
Date Wed, 27 Jan 2010 22:28:34 GMT


Thiago Arrais updated SHINDIG-1274:


The problem happens actually in two places.

Although the OAuth build_http_query code actually tries to be prepared for array parameters,
it encodes them using only the array name when they should actually include a pair of square
brackets in the key name.

The other problem lies in the SigningFetcher code. It does not deal with array parameters,
only with single-value parameters. It needs to correctly reproduce the signed request parameters.

I also removed the code that copied the query parameters from the original query from SigningFetcher,
since those are already copied into the signed request and get treated by the code that reproduces
the parameters from it.

> Wrong signature for requests with arrays in query string
> --------------------------------------------------------
>                 Key: SHINDIG-1274
>                 URL:
>             Project: Shindig
>          Issue Type: Bug
>          Components: PHP
>            Reporter: Thiago Arrais
>         Attachments:
> Shindig does not correctly sign requests with arrays in the query string. The problem
is in encoding arrays into the OAuth signature base string. When it receives something like
> the basestring includes "array%3D5%26array%3D9%26array%3D13", not "array%255B%255D%3D5%26array%255B%255D%3D9%26array%255B%255D%3D13"
as it should.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message