PHP :: Bug #63572 :: getRequestToken does not put the first query result in the result array

Bug #63572	getRequestToken does not put the first query result in the result array
Submitted:	2012-11-21 10:42 UTC	Modified:	2012-11-22 23:13 UTC
From:	hans at shapeways dot com	Assigned:	datibbaw (profile)
Status:	Closed	Package:	oauth (PECL)
PHP Version:	Irrelevant	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hans at shapeways dot com
New email:
PHP Version:		OS:

New Comment:

[2012-11-21 10:42 UTC] hans at shapeways dot com

Description:
------------
The example code 

return "authentification_url=".$this->authentification_url."&oauth_token=".$token."&oauth_token_secret=".$token_secret."&oauth_callback_confirmed=true";

is interpreted fine by getRequestToken, but when you fix the URL by replacing the first & with a ? then getRequestToken misses the first query item. The resulting array then looks like :

array(3) {
  ["authentication_url"]=>
  string(95) "http://testhost/login?oauth_token=3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

The oauth_token is still glued to the authentication_url.


Test script:
---------------
Feed this to getRequestToken :

return "authentification_url=".$this->authentification_url."?oauth_token=".$token."&oauth_token_secret=".$token_secret."&oauth_callback_confirmed=true";


( ps. here's a client-side workaround to fix the $info result array :
    if (   array_key_exists('oauth_token_secret', $info) &&
           array_key_exists('authentication_url', $info) &&
         ! array_key_exists('oauth_token', $info)) {
        $urlArray = parse_url($info['authentication_url']);
        $info['authentication_url'] = $urlArray['scheme'] .'://'. $urlArray['host'] . $urlArray['path'];
        parse_str($urlArray['query']);
        $info['oauth_token'] = $oauth_token;
    }   
)

Expected result:
----------------
array(3) {
  ["authentication_url"]=>
  string(21) "http://testhost/login"
  ["oauth_token"]=>
  string(40) "3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

Actual result:
--------------
array(3) {
  ["authentication_url"]=>
  string(95) "http://testhost/login?oauth_token=3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-11-21 12:11 UTC] datibbaw@php.net

-Status: Open +Status: Not a bug

[2012-11-21 12:11 UTC] datibbaw@php.net

I could be wrong in categorising as not a bug, but the authorisation url doesn't 
seem to be properly encoded.

[2012-11-21 13:30 UTC] hans at shapeways dot com

Using x-www-form-urlencoding in the provider like this :

    header('Content-type: application/x-www-form-urlencoded');
    echo "authentication_url=". urlencode("http://". $_SERVER['SERVER_NAME'] . "/login?"). "oauth_token=" .$requestToken->getToken() ."&oauth_token_secret=".$requestToken->getTokenSecret() ."&oauth_callback_confirmed=true";

does not help. (But is indeed closer to the RFC, thanks for the hint !).

A var_dump of the array that getRequestToken returns still shows the oauth_token glued to the authentication_url part. So I think the bug remains.

[2012-11-21 23:25 UTC] datibbaw@php.net

You're missing an & before oauth_token.

[2012-11-22 08:59 UTC] hans at shapeways dot com

As oauth_token is the first query element the & has to be replaced with a ?
This is what the whole ticket is about. I think the bug remains.

[2012-11-22 23:13 UTC] datibbaw@php.net

-Status: Not a bug +Status: Closed -Assigned To: +Assigned To: datibbaw

[2012-11-22 23:13 UTC] datibbaw@php.net

I think you may have misread the specs. getRequestToken() expects a string that 
conforms to application/x-www-form-urlencoded.

You can generate this by simply using http_build_query():

return http_build_query(array(
        'authentification_url' => 'http://localhost/script?',
        'oauth_token' => 'doremi',
        'oauth_token_secret' => 'fasola',
        'oauth_callback_confirmed' => 'true'
));

Closing this bug.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 12 04:01:29 2025 UTC