Skip Menu |
 

This queue is for tickets about the Net-OAuth CPAN distribution.

Report information
The Basics
Id: 91951
Status: new
Priority: 0/
Queue: Net-OAuth

People
Owner: Nobody in particular
Requestors: fmatthew5876 [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Signature failures on urls with special characters - PATCH included
Date: Wed, 8 Jan 2014 08:16:25 -0500
To: bug-Net-OAuth [...] rt.cpan.org
From: Matt Fioravante <fmatthew5876 [...] gmail.com>
Download (untitled) / with headers
text/plain 1.2k
There is a bug in Net::OAuth when generating a signature on an url that has a special character such as ^ For the url www.example.com/^foo, the ^ will get escaped twice. First, the URI module is used to escape the url when it is passed to Net::Oauth. The url becomes www.example.com/%5Efoo. Then during signature generation, the % gets escaped a second time, becoming www.example.com/%255Efoo. This doubly escaped url is then used generate the signature which fails signature verification. Included is a patch to fix this issue. diff -Naur OAuth.orig/Request.pm OAuth/Request.pm --- OAuth.orig/Request.pm 2014-01-07 14:20:32.262700000 -0500 +++ OAuth/Request.pm 2014-01-07 14:21:21.096353000 -0500 @@ -3,6 +3,7 @@ use strict; use base qw/Net::OAuth::Message/; use URI; +use URI::Escape; use URI::QueryParam; use Net::OAuth; @@ -35,7 +36,7 @@ __PACKAGE__->mk_classdata(signature_elements => [qw/ request_method - normalized_request_url + unescaped_normalized_request_url normalized_message_parameters /]); @@ -78,6 +79,12 @@ return $url; } +sub unescaped_normalized_request_url { + my $self = shift; + my $url = $self->normalized_request_url; + return uri_unescape($url); +} + =head1 NAME


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.