[oauth] oauth.py: escape arguments before sorting

Wed, 27 May 2009 08:07:24 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

About a month ago I came across an issue in the python implementation of
OAuth: while calculating the signature base string, the request
parameters need to be escaped before they are sorted.

This only happens when using "exotic" argument names containing
characters that need escaping.

I wrote a patch for it, maybe one of you can have a look at it.

Thanks
Arjan Scherpenisse
- --
Mediamatic Lab  -  Vijzelstraat 72 - 1017 HL Amsterdam - Netherlands
t+31 (0)20 638 9901 - f+31 (0)20 638 7969 - http://www.mediamatic.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkodFykACgkQigE4AbflYeqPUACcC1DwKIRWfk3faf1qT5umAQrY
g3gAn1ovFBaMRopPsDSux60HFO2eVlEx
=1blH
-----END PGP SIGNATURE-----

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---


Index: oauth.py
===================================================================
--- oauth.py	(revision 1028)
+++ oauth.py	(working copy)
@@ -185,12 +185,11 @@
             del params['oauth_signature']
         except:
             pass
-        key_values = params.items()
+        key_values = [(escape(_utf8_str(k)), escape(_utf8_str(v))) for k,v in params.items()]
         # Sort lexicographically, first after key, then after value.
         key_values.sort()
         # Combine key value pairs in string and escape.
-        return '&'.join(['%s=%s' % (escape(_utf8_str(k)), escape(_utf8_str(v))) \
-            for k, v in key_values])
+        return '&'.join(['%s=%s' % (k, v) for k, v in key_values])
 
     def get_normalized_http_method(self):
         """Uppercases the http method."""
@@ -586,4 +585,4 @@
     def build_signature(self, oauth_request, consumer, token):
         key, raw = self.build_signature_base_string(oauth_request, consumer,
             token)
-        return key
\ No newline at end of file
+        return key

Reply via email to