ZF-12120: Zend_Oauth_Client gets wrong signable POST parameters

Issue Type:
Bug
Created:
2012-03-26T12:15:50.000+0000
Last Updated:
2012-03-26T12:15:50.000+0000
Status:
Open
Fix version(s):
    Reporter:
    David Arenas (daremar)
    Assignee:
    Pádraic Brady (padraic)
    Tags:
    • Zend_Oauth
    • OAuth
    • Zend_Oauth_Client
    • bug
    • patch
    Related issues:
    Attachments:

    Description

    I have found a bug in Zend_Oauth_Client class on _getSignableParametersAsQueryString method.

    Based on OAuth specification (http://oauth.net/core/1.0/#anchor14) only POST parameters with content-type of application/x-www-form-urlencoded should be encoded. Otherwise the authorization string won't be valid.

    Here the patch:

    Zend_Oauth_Client Line #307

    Change

    if (!empty($this->paramsPost)) {

    With

    if (!empty($this->paramsPost) && $this->enctype !== self::ENC_FORMDATA) {

    Comments

    No comments to display