PHP :: Bug #64308 :: Protocol and host name not lowercased when generating signature base string

Bug #64308	Protocol and host name not lowercased when generating signature base string
Submitted:	2013-02-27 10:07 UTC	Modified:	2013-11-12 22:52 UTC
From:	jaisen at jmathai dot com	Assigned:	jawed (profile)
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5.3Git-2013-02-27 (snap)	OS:	Linux / OSX
Private report:	No	CVE-ID:	None

View Developer Edit

[2013-02-27 10:07 UTC] jaisen at jmathai dot com

Description:
------------
Per 9.1.2 in the OAuth 1.0a spec it states that the scheme and authority should be lowercased.

http://oauth.net/core/1.0a/#anchor13

As seen by the actual resulting debug_sbs that isn't the case for the authority/hostname.

Expected result:
----------------
The signature base string should be computed by lowercasing the host and protocol.

Actual result:
--------------
oauth_problem=signature_invalid&debug_sbs=GET&http%3A%2F%2FSimonWpt.trovebox.com%2Fhello.json&auth%3Dtrue%26oauth_consumer_key%3D***************%26oauth_nonce%3DIVziV%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1361954784%26oauth_token%3D****************%26oauth_version%3D1.0

Patches

bug_64308.patch (last revision 2013-11-12 22:22 UTC by mjpelmear at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-02-28 01:42 UTC] datibbaw@php.net

I guess we've conveniently skipped that ;-)

Btw, the correct documentation link is: 
http://oauth.net/core/1.0a/#rfc.section.9.1.2

[2013-02-28 04:07 UTC] jaisen at jmathai dot com

It was an elusive bug and only affected a small portion of our users.

Looking forward to the fix and thanks for this great extension.

[2013-11-12 22:50 UTC] jawed@php.net

Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=332108
Log: Bug 64308 (patch via mjpelmear at gmail dot com)

[2013-11-12 22:52 UTC] jawed@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: jawed

[2013-11-12 22:52 UTC] jawed@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Looks fine to me, applied. Thanks!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun May 11 10:01:27 2025 UTC