[twitter-dev] Re: URI Escape fix for OAuth - correct usage of uri_escape() with Perl

Tue, 28 Jul 2009 15:35:37 -0700 


If you are using Net::Twitter in Perl, the developer released a new
release today that now correctly handles OAuth and Unicode-related
issues.

http://search.cpan.org/dist/Net-Twitter/

On Jul 28, 3:21 pm, Scott Carter <scarter28m-goo...@yahoo.com> wrote:
> This post is geared toward Perl implementations of OAuth, though it
> may shed some light on recent URI escape problems in other languages
> as well.
>
> use Encode qw(encode);
> use URI::Escape;
>
> I previously had been escaping my parameters with a call such as:
> my $value = uri_escape(encode("UTF-8",$param));
>
> The encode() call was encoding the $param as UTF-8 octets before
> percent encoding with uri_escape().
>
> The use of uri_escape() above is NOT correct to meet the requirements
> of the OAuth spec.  The following is the explanation and fix:
>
>     # OAUTH spec URI encoding
>     # =========================
>     #
>     #http://oauth.net/core/1.0a#encoding_parameters
>     # with reference to
>     #http://tools.ietf.org/html/rfc3986#section-2.3
>     #
>     # 5.1.  Parameter Encoding
>     #
>     # All parameter names and values are escaped using the [RFC3986]
>     # percent-encoding (%xx) mechanism. Characters not in the
> unreserved character
>     # set MUST be encoded. Characters in the unreserved character
>     # set MUST NOT be encoded. Hexadecimal characters in encodings
> MUST be upper case.
>     # Text names and values MUST be encoded as UTF-8 octets before
> percent-encoding
>     # them per [RFC3629]
>     #
>     # unreserved = ALPHA, DIGIT, '-', '.', '_', '~'
>     #
>     #
>     # URI::Escape
>     # =============
>     #http://search.cpan.org/~gaas/URI-1.38/URI/Escape.pm
>     # uri_escape() by default encodes
>     #  "^A-Za-z0-9\-_.!~*'()"
>     #
>     # We must subtract from this the reserved characters: ! * ' ( )
>     # "^A-Za-z0-9\-_.~"
>     #
>
> The correct assignment in Perl is thus:
> my $value = uri_escape(encode("UTF-8",$param),"^A-Za-z0-9\-_.~");
>
> I've tested this and it fixed the problems I was having sending
> characters "! "  "*" etc.
>
> I suspect percent encoding in other languages may need a similar
> implementation.
>
> - Scott
> @scott_carterhttp://www.bigtweet.com/

Reply via email to