OAuth extlib updated and Twitter comments removed

Source: http://oauth.googlecode.com/svn/code/php/OAuth.php

Should we use PECL OAuth?
Mikael Nordfeldth 2013-10-05 15:59:43 +02:00
parent e376905d93
commit b43be41643
2 changed files with 22 additions and 7 deletions


@ -85,7 +85,23 @@ abstract class OAuthSignatureMethod {
*/ */
public function check_signature($request, $consumer, $token, $signature) { public function check_signature($request, $consumer, $token, $signature) {
$built = $this->build_signature($request, $consumer, $token); $built = $this->build_signature($request, $consumer, $token);
return $built == $signature;
// Check for zero length, although unlikely here
if (strlen($built) == 0 || strlen($signature) == 0) {
return false;
}
if (strlen($built) != strlen($signature)) {
return false;
}
// Avoid a timing leak with a (hopefully) time insensitive compare
$result = 0;
for ($i = 0; $i < strlen($signature); $i++) {
$result |= ord($built{$i}) ^ ord($signature{$i});
}
return $result == 0;
} }
} }
@ -243,7 +259,7 @@ class OAuthRequest {
? 'http' ? 'http'
: 'https'; : 'https';
$http_url = ($http_url) ? $http_url : $scheme . $http_url = ($http_url) ? $http_url : $scheme .
'://' . $_SERVER['HTTP_HOST'] . '://' . $_SERVER['SERVER_NAME'] .
':' . ':' .
$_SERVER['SERVER_PORT'] . $_SERVER['SERVER_PORT'] .
$_SERVER['REQUEST_URI']; $_SERVER['REQUEST_URI'];
@ -383,7 +399,7 @@ class OAuthRequest {
$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http'; $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80'); $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
$host = (isset($parts['host'])) ? $parts['host'] : ''; $host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
$path = (isset($parts['path'])) ? $parts['path'] : ''; $path = (isset($parts['path'])) ? $parts['path'] : '';
if (($scheme == 'https' && $port != '443') if (($scheme == 'https' && $port != '443')
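Review bot: The comparison loop added to check_signature (first hunk) indexes with `$built{$i}` and `$signature{$i}`; curly-brace string offsets are deprecated in PHP 7.4 and removed in PHP 8.0, so this file stops parsing on current runtimes. Since PHP 5.6 the built-in `hash_equals()` performs this timing-safe comparison, so the length check and the loop can be replaced by `return hash_equals($built, $signature);`, assuming build_signature() returns a string. Keep the zero-length guard, because `hash_equals()` treats two empty strings as equal. `$signature` is a parameter whose origin is not visible here, so an `is_string($signature)` test ahead of the `strlen()` calls would make a non-string value fail closed instead of raising a warning or TypeError. If runtimes older than 5.6 must stay supported, `$built[$i]` and `$signature[$i]` are the portable spelling.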


@ -118,18 +118,17 @@ class OAuthClient
if (isset($confirm)) { if (isset($confirm)) {
if ($confirm == 'true') { if ($confirm == 'true') {
common_debug('Twitter bridge - callback confirmed.');
return $token; return $token;
} else { } else {
throw new OAuthClientException( throw new OAuthClientException(
'Callback was not confirmed by Twitter.' 'Callback was not confirmed by remote OAuth side.'
); );
} }
} }
return $token; return $token;
} else { } else {
throw new OAuthClientException( throw new OAuthClientException(
'Could not get a request token from Twitter.' 'Could not get a request token from remote OAuth side.'
); );
} }
} }
@ -181,7 +180,7 @@ class OAuthClient
return $token; return $token;
} else { } else {
throw new OAuthClientException( throw new OAuthClientException(
'Could not get a access token from Twitter.' 'Could not get a access token from remote OAuth side.'
); );
} }
} }