ZF-10344: Zend_Oauth_Client does not urldecode custom parameters

Issue Type: Bug Created: 2010-08-19T15:37:57.000+0000 Last Updated: 2010-10-10T13:20:36.000+0000 Status: Resolved Fix version(s): - 1.11.1 (30/Nov/10)

Reporter: Alexander Steshenko (lcf) Assignee: Pádraic Brady (padraic) Tags: - Zend_Oauth

Related issues: Attachments:


If I choose Zend_Oauth::REQUEST_SCHEME_QUERYSTRING to be request scheme for my instance of Zend_Oauth_Client, so here is what happens (Zend/Oauth/Client.php lines 266-284):

<pre class="highlight">
            $params = array();
            $query = $this->getUri()->getQuery();
            if ($query) {
                $queryParts = explode('&', $this->getUri()->getQuery());
                foreach ($queryParts as $queryPart) {
                    $kvTuple = explode('=', $queryPart);
                    $params[$kvTuple[0]] = 
                        (array_key_exists(1, $kvTuple) ? $kvTuple[1] : NULL);
            if (!empty($this->paramsPost)) {
                $params = array_merge($params, $this->paramsPost);
                $query  = $this->getToken()->toQueryString(
                    $this->getUri(true), $this->_config, $params
            $query = $this->getToken()->toQueryString(
                $this->getUri(true), $this->_config, $params

This code takes already prepared uri with all parameters urlendcoded and splits them back into the array of parameters. Then it adds oAuth parameters and composes the new uri. The problem here is that custom parameters from the original uri get urlencoded again, so they become "double urlencoded".

This bug is the only thing that makes it really impossible to use Zend_Oauth along with Zend_Gdata to access Google Api using oAuth authentication. To fix it, simply use urldecode() for both parameter name and parameter value when breaking an url to parameters array.


Posted by Pádraic Brady (padraic) on 2010-10-10T13:20:36.000+0000

Fixed in r23074 in trunk. Reopen this issue if there are any problems with this.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.