[
https://issues.apache.org/jira/browse/SHINDIG-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thiago Arrais updated SHINDIG-1274:
-----------------------------------
Attachment:
fix-1247-adds.support.for.array.parameters.in.signed.request.patch
The problem happens actually in two places.
Although the OAuth build_http_query code actually tries to be prepared for
array parameters, it encodes them using only the array name when they should
actually include a pair of square brackets in the key name.
The other problem lies in the SigningFetcher code. It does not deal with array
parameters, only with single-value parameters. It needs to correctly reproduce
the signed request parameters.
I also removed the code that copied the query parameters from the original
query from SigningFetcher, since those are already copied into the signed
request and get treated by the code that reproduces the parameters from it.
> Wrong signature for requests with arrays in query string
> --------------------------------------------------------
>
> Key: SHINDIG-1274
> URL: https://issues.apache.org/jira/browse/SHINDIG-1274
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Reporter: Thiago Arrais
> Attachments:
> fix-1247-adds.support.for.array.parameters.in.signed.request.patch
>
>
> Shindig does not correctly sign requests with arrays in the query string. The
> problem is in encoding arrays into the OAuth signature base string. When it
> receives something like
> http://example.com/resource?array%5B%5D=5&array%5B%5D=9&array%5B%5D=13
> the basestring includes "array%3D5%26array%3D9%26array%3D13", not
> "array%255B%255D%3D5%26array%255B%255D%3D9%26array%255B%255D%3D13" as it
> should.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
