|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60252 Signature issues with none-standard HTTP Methods
Submitted: 2011-11-09 18:29 UTC Modified: -
Avg. Score:4.2 ± 1.2
Reproduced:9 of 10 (90.0%)
Same Version:9 (100.0%)
Same OS:6 (66.7%)
From: ahmad at codeinchaos dot com Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 5.3.8 OS: Ubuntu/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ahmad at codeinchaos dot com
New email:
PHP Version: OS:


 [2011-11-09 18:29 UTC] ahmad at codeinchaos dot com
I could be wrong in my understanding of oAuth 1.0a ... so I'm sorry if the 
following does not apply:

the extension doesn't seem to be able to sign requests with a custom HTTP Method 
(verb) with a payload ...

curl -iH "Authorization: OAuth {PARAMS-HERE}" -d 
"value1=foo&value2=foo2&value3=foo3 -X LINK http://domain.tld/api

signature always fails, because the extension does not grab the payload for none 
POST requests.

Expected result:
the oaugh signature should always use the payload body params regardless of the 
HTTP Method.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-15 01:10 UTC] hubert at muchlearning dot org
Related, but not exactly the same issue: there also seems to be errors when verifying the signature when there is more than one parameter with the same name, or if array parameters are sent (e.g. parameters of the form "foo[0]=bar", presumably because it is looking at $_POST instead of looking at the raw POST data.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Mar 03 10:01:29 2024 UTC