php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63572 getRequestToken does not put the first query result in the result array
Submitted: 2012-11-21 10:42 UTC Modified: 2012-11-22 23:13 UTC
From: hans at shapeways dot com Assigned: datibbaw
Status: Closed Package: oauth (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID:
 [2012-11-21 10:42 UTC] hans at shapeways dot com
Description:
------------
The example code 

return "authentification_url=".$this->authentification_url."&oauth_token=".$token."&oauth_token_secret=".$token_secret."&oauth_callback_confirmed=true";

is interpreted fine by getRequestToken, but when you fix the URL by replacing the first & with a ? then getRequestToken misses the first query item. The resulting array then looks like :

array(3) {
  ["authentication_url"]=>
  string(95) "http://testhost/login?oauth_token=3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

The oauth_token is still glued to the authentication_url.


Test script:
---------------
Feed this to getRequestToken :

return "authentification_url=".$this->authentification_url."?oauth_token=".$token."&oauth_token_secret=".$token_secret."&oauth_callback_confirmed=true";


( ps. here's a client-side workaround to fix the $info result array :
    if (   array_key_exists('oauth_token_secret', $info) &&
           array_key_exists('authentication_url', $info) &&
         ! array_key_exists('oauth_token', $info)) {
        $urlArray = parse_url($info['authentication_url']);
        $info['authentication_url'] = $urlArray['scheme'] .'://'. $urlArray['host'] . $urlArray['path'];
        parse_str($urlArray['query']);
        $info['oauth_token'] = $oauth_token;
    }   
)

Expected result:
----------------
array(3) {
  ["authentication_url"]=>
  string(21) "http://testhost/login"
  ["oauth_token"]=>
  string(40) "3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

Actual result:
--------------
array(3) {
  ["authentication_url"]=>
  string(95) "http://testhost/login?oauth_token=3f47ff5646916c1ba1365896ac30ed171d86a803"
  ["oauth_token_secret"]=>
  string(40) "cf5213dd32b9b8150bbc3e48c993c569c3e47baa"
  ["oauth_callback_confirmed"]=>
  string(4) "true"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-11-21 12:11 UTC] datibbaw@php.net
-Status: Open +Status: Not a bug
 [2012-11-21 12:11 UTC] datibbaw@php.net
I could be wrong in categorising as not a bug, but the authorisation url doesn't 
seem to be properly encoded.
 [2012-11-21 13:30 UTC] hans at shapeways dot com
Using x-www-form-urlencoding in the provider like this :

    header('Content-type: application/x-www-form-urlencoded');
    echo "authentication_url=". urlencode("http://". $_SERVER['SERVER_NAME'] . "/login?"). "oauth_token=" .$requestToken->getToken() ."&oauth_token_secret=".$requestToken->getTokenSecret() ."&oauth_callback_confirmed=true";

does not help. (But is indeed closer to the RFC, thanks for the hint !).

A var_dump of the array that getRequestToken returns still shows the oauth_token glued to the authentication_url part. So I think the bug remains.
 [2012-11-21 23:25 UTC] datibbaw@php.net
You're missing an & before oauth_token.
 [2012-11-22 08:59 UTC] hans at shapeways dot com
As oauth_token is the first query element the & has to be replaced with a ?
This is what the whole ticket is about. I think the bug remains.
 [2012-11-22 23:13 UTC] datibbaw@php.net
-Status: Not a bug +Status: Closed -Assigned To: +Assigned To: datibbaw
 [2012-11-22 23:13 UTC] datibbaw@php.net
I think you may have misread the specs. getRequestToken() expects a string that 
conforms to application/x-www-form-urlencoded.

You can generate this by simply using http_build_query():

return http_build_query(array(
        'authentification_url' => 'http://localhost/script?',
        'oauth_token' => 'doremi',
        'oauth_token_secret' => 'fasola',
        'oauth_callback_confirmed' => 'true'
));

Closing this bug.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sat Jun 24 07:01:39 2017 UTC