shindig-issues mailing list archives

From "Henry Saputra (JIRA)" <j...@apache.org>
Subject [jira] Created: (SHINDIG-1322) Add space to the allowed param name for OAuthRequest.allowParam
Date Mon, 03 May 2010 18:09:58 GMT
Add space to the allowed param name for OAuthRequest.allowParam 
----------------------------------------------------------------

                 Key: SHINDIG-1322
                 URL: https://issues.apache.org/jira/browse/SHINDIG-1322
             Project: Shindig
          Issue Type: Bug
          Components: Java
    Affects Versions: 1.1-BETA5
            Reporter: Henry Saputra
            Priority: Minor
         Attachments: addSapcetoallowedParams.patch

The ALLOWED_PARAM_NAME is used in OAuthRequest.allowParam to validate the decoded
parameter names returned from the call to OAuth.decodeForm().

So if a space in the query parameter name is encoded correctly with "+"
or "%20", e.g. "submit+job", the parameters passed to OAuth.sanitize(List<Parameter>
params) will be decoded by the OAuth.decodeForm method before being checked by OAuthRequest.checkParam.
Hence the param name becomes "submit job", which will cause it to fail the pattern match.

This query parameter name (with space) is legal since it will later
be encoded when signing the OAuthRequest inside
OAuthSignature.getBaseString.

Adding space as an allowed character in OAuthRequest.ALLOWED_PARAM_NAME to fix this.

Please review this at http://codereview.appspot.com/991045/show

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.