php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65766 Invalid SBS for arrays in query string
Submitted: 2013-09-26 12:29 UTC Modified: 2013-09-26 12:40 UTC
From: m dot kurzyna at crystalpoint dot pl Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 5.5.4 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-09-26 12:29 UTC] m dot kurzyna at crystalpoint dot pl
Description:
------------
OAuth extension generates invalid SBS for requests with array params. This happens both with oauth_get_sbs and with OAuthProvider (although results differ).

For oauth_get_sbs() key names are lost when generating SBS. However when setting collapsed param name as string methods yelds correct results:

oauth_get_sbs("GET","http://host/path", [ "include[answers]" => 1  ]));

When using OAuthProvider (with live requests) param name gets encoded twice on the other hand. Also debug_sbs is truncated. I don't know if it's just debug output that is cut or the real base string.

Test script:
---------------
var_dump(
  oauth_get_sbs(
    "GET",
    "http://host/path", 
    [ "name" => [ "key" => "value" ]  ]
  )
);

// also data from real world example with OAuthProvider

Expected result:
----------------
string(57) "GET&http%3A%2F%2Fhost%2Fpath&include%255Banswers%255D%3D1"

// when OAuthProvider receives request (parts removed but same)
// this is from a client sending request (not a PHP Pecl extension)

GET&https%3A%2F%2F....&include%255Banswers%255D%3D1%26oauth_consumer_key....oauth_token%3D9f98c213db%26oauth_version%3D1.0

Actual result:
--------------
string(41) "GET&http%3A%2F%2Fhost%2Fpath&name%3Dvalue"

// when OAuthProvider receives request (parts removed but same)
// this is from debug_sbs returned through OAuthException

GET&https%3A%2F%2F....&include%3D1%26include%255Banswers%255D%3D1%26oauth_consumer_key....oauth_token%3D9f98c213db%26oauth_ver

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-26 12:40 UTC] m dot kurzyna at crystalpoint dot pl
There is a c&p error in expected result - params are for [ 'include' => [ 'answers' => 1 ] ]. Sorry.

Proper expected:
string(54) "GET&http%3A%2F%2Fhost%2Fpath&name%255Bkey%255D%3Dvalue"
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Dec 06 00:01:23 2019 UTC