OAuth extlib updated and Twitter comments removed
Source: http://oauth.googlecode.com/svn/code/php/OAuth.php Should we use PECL OAuth?
This commit is contained in:
parent
e376905d93
commit
b43be41643
|
@ -85,7 +85,23 @@ abstract class OAuthSignatureMethod {
|
||||||
*/
|
*/
|
||||||
public function check_signature($request, $consumer, $token, $signature) {
|
public function check_signature($request, $consumer, $token, $signature) {
|
||||||
$built = $this->build_signature($request, $consumer, $token);
|
$built = $this->build_signature($request, $consumer, $token);
|
||||||
return $built == $signature;
|
|
||||||
|
// Check for zero length, although unlikely here
|
||||||
|
if (strlen($built) == 0 || strlen($signature) == 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strlen($built) != strlen($signature)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Avoid a timing leak with a (hopefully) time insensitive compare
|
||||||
|
$result = 0;
|
||||||
|
for ($i = 0; $i < strlen($signature); $i++) {
|
||||||
|
$result |= ord($built{$i}) ^ ord($signature{$i});
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result == 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -243,7 +259,7 @@ class OAuthRequest {
|
||||||
? 'http'
|
? 'http'
|
||||||
: 'https';
|
: 'https';
|
||||||
$http_url = ($http_url) ? $http_url : $scheme .
|
$http_url = ($http_url) ? $http_url : $scheme .
|
||||||
'://' . $_SERVER['HTTP_HOST'] .
|
'://' . $_SERVER['SERVER_NAME'] .
|
||||||
':' .
|
':' .
|
||||||
$_SERVER['SERVER_PORT'] .
|
$_SERVER['SERVER_PORT'] .
|
||||||
$_SERVER['REQUEST_URI'];
|
$_SERVER['REQUEST_URI'];
|
||||||
|
@ -383,7 +399,7 @@ class OAuthRequest {
|
||||||
|
|
||||||
$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
|
$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
|
||||||
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
|
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
|
||||||
$host = (isset($parts['host'])) ? $parts['host'] : '';
|
$host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
|
||||||
$path = (isset($parts['path'])) ? $parts['path'] : '';
|
$path = (isset($parts['path'])) ? $parts['path'] : '';
|
||||||
|
|
||||||
if (($scheme == 'https' && $port != '443')
|
if (($scheme == 'https' && $port != '443')
|
||||||
|
|
|
@ -118,18 +118,17 @@ class OAuthClient
|
||||||
|
|
||||||
if (isset($confirm)) {
|
if (isset($confirm)) {
|
||||||
if ($confirm == 'true') {
|
if ($confirm == 'true') {
|
||||||
common_debug('Twitter bridge - callback confirmed.');
|
|
||||||
return $token;
|
return $token;
|
||||||
} else {
|
} else {
|
||||||
throw new OAuthClientException(
|
throw new OAuthClientException(
|
||||||
'Callback was not confirmed by Twitter.'
|
'Callback was not confirmed by remote OAuth side.'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $token;
|
return $token;
|
||||||
} else {
|
} else {
|
||||||
throw new OAuthClientException(
|
throw new OAuthClientException(
|
||||||
'Could not get a request token from Twitter.'
|
'Could not get a request token from remote OAuth side.'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -181,7 +180,7 @@ class OAuthClient
|
||||||
return $token;
|
return $token;
|
||||||
} else {
|
} else {
|
||||||
throw new OAuthClientException(
|
throw new OAuthClientException(
|
||||||
'Could not get a access token from Twitter.'
|
'Could not get a access token from remote OAuth side.'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user