|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63211 oauth_provider_get_current_HTTPS server variable
Submitted: 2012-10-03 17:18 UTC Modified: 2013-02-18 00:36 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: robert at commonsku dot com Assigned:
Status: No Feedback Package: oauth (PECL)
PHP Version: Irrelevant OS: Ubuntu 12.04
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-10-03 17:18 UTC] robert at commonsku dot com
This bug occurs in version 1.2.3.

The function oauth_provider_get_current_uri in provider.c returns an incorrect 
uri when the $_SERVER['HTTP'] variable is set, but empty.  It interprets this to 
mean that the protocol should be https.

The PHP documentation at 
states that $_SERVER['HTTPS'] is "Set to a non-empty value if the script was 
queried through the HTTPS protocol."

This implies (although not unambiguously) that if $_SERVER['HTTPS'] set, but 
empty, the protocol should be http.

This error occurs for me when I am using nginx and I have the directive:
fastcgi_param HTTPS $https;

The result is that the calculated signature does not match the signature that I 
send.  OAuthProvider::reportProblem() shows that the URI is using the https 

The error could be fixed in provider.c (rev 327831) line 438 by checking whether 
the https variable is empty.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-03 18:57 UTC]
Automatic comment from SVN on behalf of jawed
Log: Bug 63211
 [2012-10-03 18:57 UTC]
Please try using this snapshot:
For Windows:

Can you please try trunk?

- JJ
 [2012-10-03 18:57 UTC]
-Status: Open +Status: Feedback
 [2013-02-18 00:36 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-03-26 13:47 UTC] msamson at fuelyouth dot com
Facing the same issue on nginx + php-fpm.

Debugging the get_current_uri function shoes the https var being empty.

The proposed patch fixed the issue.

Thanks jawed!
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon May 20 13:01:34 2024 UTC