Issues

ZF-10019: Zend_Oauth_Consumer::getAccessToken() overrides request parameters if oauth_verifier exists.

Issue Type: Bug Created: 2010-06-20T10:59:00.000+0000 Last Updated: 2010-06-20T11:24:49.000+0000 Status: Resolved Fix version(s): - 1.10.6 (22/Jun/10)

Reporter: Adrian Meyer (adrmey) Assignee: Pádraic Brady (padraic) Tags: - Zend_Oauth

Related issues: Attachments:

Description

I found a bug in Zend_Oauth.

Example code:

<pre class="highlight">
// get request token
...

// get access token
$consumer    = new Zend_Oauth_Consumer($config);
$accessToken = new Zend_Oauth_Http_AccessToken($consumer, array('method' => 'oauth.getAccessToken'));
$token       = $consumer->getAccessToken($_GET, $requestToken, null, $accessToken);

The second parameter for Zend_Oauth_Http_AccessToken::__construct() (array('method' => 'oauth.getAccessToken')) will be overriden if the request token contains the oauth_verifier parameter.

This happens in Zend/Oauth/Consumer.php:

<pre class="highlight">
// OAuth 1.0a Verifier
if (!is_null($authorizedToken->getParam('oauth_verifier'))) {
    $request->setParameters(array(
        'oauth_verifier' => $authorizedToken->getParam('oauth_verifier')
    ));
}

A simple fix for this issue:

<pre class="highlight">
// OAuth 1.0a Verifier
if (!is_null($authorizedToken->getParam('oauth_verifier'))) {
    $params = array_merge($request->getParameters(), array(
        'oauth_verifier' => $authorizedToken->getParam('oauth_verifier')
    ));
    
    $request->setParameters($params);
}

So the parameters will be merged and not overridden. This is necessary to get the digg API working.

Comments

Posted by Pádraic Brady (padraic) on 2010-06-20T11:24:41.000+0000

Fixed in r22474. Thank you for the report!

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts