Issues

ZF-10344: Zend_Oauth_Client does not urldecode custom parameters

Description

If I choose Zend_Oauth::REQUEST_SCHEME_QUERYSTRING to be request scheme for my instance of Zend_Oauth_Client, so here is what happens (Zend/Oauth/Client.php lines 266-284):


            $params = array();
            $query = $this->getUri()->getQuery();
            if ($query) {
                $queryParts = explode('&', $this->getUri()->getQuery());
                foreach ($queryParts as $queryPart) {
                    $kvTuple = explode('=', $queryPart);
                    $params[$kvTuple[0]] = 
                        (array_key_exists(1, $kvTuple) ? $kvTuple[1] : NULL);
                }
            }
            if (!empty($this->paramsPost)) {
                $params = array_merge($params, $this->paramsPost);
                $query  = $this->getToken()->toQueryString(
                    $this->getUri(true), $this->_config, $params
                );
            }
            $query = $this->getToken()->toQueryString(
                $this->getUri(true), $this->_config, $params
            );

This code takes already prepared uri with all parameters urlendcoded and splits them back into the array of parameters. Then it adds oAuth parameters and composes the new uri. The problem here is that custom parameters from the original uri get urlencoded again, so they become "double urlencoded".

This bug is the only thing that makes it really impossible to use Zend_Oauth along with Zend_Gdata to access Google Api using oAuth authentication. To fix it, simply use urldecode() for both parameter name and parameter value when breaking an url to parameters array.

Comments

Fixed in r23074 in trunk. Reopen this issue if there are any problems with this.