|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60252 Signature issues with none-standard HTTP Methods
Submitted: 2011-11-09 18:29 UTC Modified: -
Avg. Score:4.2 ± 1.2
Reproduced:9 of 10 (90.0%)
Same Version:9 (100.0%)
Same OS:6 (66.7%)
From: ahmad at codeinchaos dot com Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 5.3.8 OS: Ubuntu/Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ahmad at codeinchaos dot com
New email:
PHP Version: OS:


 [2011-11-09 18:29 UTC] ahmad at codeinchaos dot com
I could be wrong in my understanding of oAuth 1.0a ... so I'm sorry if the 
following does not apply:

the extension doesn't seem to be able to sign requests with a custom HTTP Method 
(verb) with a payload ...

curl -iH "Authorization: OAuth {PARAMS-HERE}" -d 
"value1=foo&value2=foo2&value3=foo3 -X LINK http://domain.tld/api

signature always fails, because the extension does not grab the payload for none 
POST requests.

Expected result:
the oaugh signature should always use the payload body params regardless of the 
HTTP Method.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-15 01:10 UTC] hubert at muchlearning dot org
Related, but not exactly the same issue: there also seems to be errors when verifying the signature when there is more than one parameter with the same name, or if array parameters are sent (e.g. parameters of the form "foo[0]=bar", presumably because it is looking at $_POST instead of looking at the raw POST data.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jun 12 21:01:32 2024 UTC