diff options
author | friendica <info@friendica.com> | 2013-09-16 21:35:52 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-09-16 21:35:52 -0700 |
commit | 9bff739d9624d3a4ba1fb488673ec1a18bc6d395 (patch) | |
tree | d294230d4d3d41c96b1d550ab381722d0dc3eb00 /library | |
parent | 4b5d91ccb5e42bbd1d379b8963d932bbc8615634 (diff) | |
download | volse-hubzilla-9bff739d9624d3a4ba1fb488673ec1a18bc6d395.tar.gz volse-hubzilla-9bff739d9624d3a4ba1fb488673ec1a18bc6d395.tar.bz2 volse-hubzilla-9bff739d9624d3a4ba1fb488673ec1a18bc6d395.zip |
several oauth fixes - shred doesn't completely work yet, but it also doesn't completely NOT work, so at least there's some improvement
Diffstat (limited to 'library')
-rw-r--r-- | library/OAuth1.php | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/library/OAuth1.php b/library/OAuth1.php index 0db6fabcb..b790655af 100644 --- a/library/OAuth1.php +++ b/library/OAuth1.php @@ -273,6 +273,7 @@ class OAuthRequest { && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") ) { + $post_data = OAuthUtil::parse_parameters( file_get_contents(self::$POST_INPUT) ); @@ -286,15 +287,15 @@ class OAuthRequest { $request_headers['Authorization'] ); $parameters = array_merge($parameters, $header_parameters); + } } // fix for friendica redirect system - + // FIXME or don't, but figure out if this is absolutely necessary and act accordingly $http_url = substr($http_url, 0, strpos($http_url,$parameters['q'])+strlen($parameters['q'])); unset( $parameters['q'] ); - //echo "<pre>".__function__."\n"; var_dump($http_method, $http_url, $parameters, $_SERVER['REQUEST_URI']); killme(); return new OAuthRequest($http_method, $http_url, $parameters); } @@ -514,9 +515,7 @@ class OAuthServer { */ public function fetch_request_token(&$request) { $this->get_version($request); - $consumer = $this->get_consumer($request); - // no token required for the initial token request $token = NULL; @@ -525,7 +524,6 @@ class OAuthServer { // Rev A change $callback = $request->get_parameter('oauth_callback'); $new_token = $this->data_store->new_request_token($consumer, $callback); - return $new_token; } @@ -796,7 +794,8 @@ class OAuthUtil { ); $out[$key] = $value; } - } else { + } + if((! isset($out)) || (! array_key_exists('Authorization',$out))) { // otherwise we don't have apache and are just going to have to hope // that $_SERVER actually contains what we need $out = array(); @@ -806,6 +805,8 @@ class OAuthUtil { $out['Content-Type'] = $_ENV['CONTENT_TYPE']; foreach ($_SERVER as $key => $value) { + if($key === 'REDIRECT_REMOTE_USER') + $out['Authorization'] = $value; if (substr($key, 0, 5) == "HTTP_") { // this is chaos, basically it is just there to capitalize the first // letter of every word that is not an initial HTTP and strip HTTP |