Issues

ZF-12120: Zend_Oauth_Client gets wrong signable POST parameters

Issue Type: Bug Created: 2012-03-26T12:15:50.000+0000 Last Updated: 2012-03-26T12:15:50.000+0000 Status: Open Fix version(s): Reporter: David Arenas (daremar) Assignee: Pádraic Brady (padraic) Tags: - Zend_Oauth

  • OAuth
  • Zend_Oauth_Client
  • bug
  • patch

Related issues: Attachments:

Description

I have found a bug in Zend_Oauth_Client class on _getSignableParametersAsQueryString method.

Based on OAuth specification (http://oauth.net/core/1.0/#anchor14) only POST parameters with content-type of application/x-www-form-urlencoded should be encoded. Otherwise the authorization string won't be valid.

Here the patch:

Zend_Oauth_Client Line #307

Change

if (!empty($this->paramsPost)) {

With

if (!empty($this->paramsPost) && $this->enctype !== self::ENC_FORMDATA) {

Comments

No comments to display

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts