ZF-12120: Zend_Oauth_Client gets wrong signable POST parameters

Description

I have found a bug in Zend_Oauth_Client class on _getSignableParametersAsQueryString method.

Based on OAuth specification (http://oauth.net/core/1.0/#anchor14) only POST parameters with content-type of application/x-www-form-urlencoded should be encoded. Otherwise the authorization string won't be valid.

Here the patch:

Zend_Oauth_Client Line #307

Change

if (!empty($this->paramsPost)) {

With

if (!empty($this->paramsPost) && $this->enctype !== self::ENC_FORMDATA) {

Comments

No comments to display