OAuth signature not matched when data is url encoded #205

Open
drsdre opened this issue Apr 18, 2017 · 4 comments

drsdre commented Apr 18, 2017

This subject has been discussed several times before, but the current solution is not correct yet for POST requests.

The situation:
I'm updating a WP record which includes a URL post field like:
url=http://siteurl.com/page?key=xxxyyy%3D (the string '%3D' needs to be preserved)

When the Oauth1 plugin processes the data, it receives the following post data:
Array
(
[url] => http://siteurl.com/page?key=xxxyyy%3D
)

However, when it passes through the normalize_parameters function, it creates the following data:
Array
(
[url] => http%3A%2F%2Fsiteurl.com%2Fpage%3Fkey%3Dxxxyyy%3D
)

(this decodes back into http://siteurl.com/page?key=xxxyyy= instead of %3D).

Expected is:
Array
(
[url] => http%3A%2F%2Fsiteurl.com%2Fpage%3Fkey%3Dxxxyyy%253D
)

(this decodes back into http://siteurl.com/page?key=xxxyyy%3D).

Conclusion:
For POST data, the normalize_function should NOT rawurldecode the parameters, as this changes the incoming data and hence the Oauth1 signature will not match anymore.
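
The mismatch reported in the comment above, reproduced as an added example; it is not part of the original issue and is not the plugin's code. The function names, endpoint URL and secrets are constructed for illustration, and the signature is HMAC-SHA1 over an RFC 5849 base string.

```php
<?php
// Added illustration. encode_once(), decode_then_encode() and signature()
// are hypothetical helpers, not functions from the OAuth1 plugin.

// RFC 5849 section 3.6 encoding: each name and value is percent-encoded once.
function encode_once(array $params): array {
    $out = [];
    foreach ($params as $name => $value) {
        $out[rawurlencode($name)] = rawurlencode($value);
    }
    return $out;
}

// The behaviour the issue reports: decode first, then encode.
// A literal "%3D" in the value collapses to "=" before it is re-encoded.
function decode_then_encode(array $params): array {
    $out = [];
    foreach ($params as $name => $value) {
        $out[rawurlencode(rawurldecode($name))] = rawurlencode(rawurldecode($value));
    }
    return $out;
}

// Build the signature base string from already-encoded pairs and sign it.
function signature(string $method, string $url, array $encoded, string $key): string {
    ksort($encoded, SORT_STRING);
    $pairs = [];
    foreach ($encoded as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed sample data. Only the body field is signed here; a real request
// also carries oauth_* parameters, which go through the same encoding.
$post     = ['url' => 'http://siteurl.com/page?key=xxxyyy%3D']; // value as PHP delivers it
$endpoint = 'https://example.test/wp-json/wp/v2/posts/1';
$key      = rawurlencode('constructed-consumer-secret') . '&' . rawurlencode('constructed-token-secret');

$client       = signature('POST', $endpoint, encode_once($post), $key);
$server_buggy = signature('POST', $endpoint, decode_then_encode($post), $key);
$server_fixed = signature('POST', $endpoint, encode_once($post), $key);

echo 'encoded once:       ', encode_once($post)['url'], "\n";
echo 'decode then encode: ', decode_then_encode($post)['url'], "\n";
echo 'buggy server accepts client signature: ', var_export(hash_equals($server_buggy, $client), true), "\n";
echo 'fixed server accepts client signature: ', var_export(hash_equals($server_fixed, $client), true), "\n";
```

The two printed parameter values correspond to the "Expected" and actual arrays quoted in the comment, and the comparison uses `hash_equals()` so the signature check itself is constant-time.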

Author

drsdre commented Apr 19, 2017

I can confirm that #92 (when manually merged) is a fix for this issue. The merge is available on https://github.com/drsdre/OAuth1. If the authors of this plugin want, I can create a pull request.

larssn commented Aug 28, 2017

Nice, but #92 is already a pull request?

Contributor

kosso commented Aug 28, 2017

The file name changed in that pull request does not even exist any more in the current version (which has been working fine for me for all OAuth requests and uploads for a long time now).

Are you using the latest 0.3 version of the OAuth plugin from here? https://wordpress.org/plugins/rest-api-oauth1/

larssn commented Aug 28, 2017

This repo needs a loving hand