Skip Menu |

This queue is for tickets about the Net-OAuth CPAN distribution.

Report information
The Basics
Id: 91951
Status: new
Priority: 0/
Queue: Net-OAuth

Owner: Nobody in particular
Requestors: fmatthew5876 [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: Signature failures on urls with special characters - PATCH included
Date: Wed, 8 Jan 2014 08:16:25 -0500
To: bug-Net-OAuth [...]
From: Matt Fioravante <fmatthew5876 [...]>
Download (untitled) / with headers
text/plain 1.2k
There is a bug in Net::OAuth when generating a signature on an url that has a special character such as ^ For the url^foo, the ^ will get escaped twice. First, the URI module is used to escape the url when it is passed to Net::Oauth. The url becomes Then during signature generation, the % gets escaped a second time, becoming This doubly escaped url is then used generate the signature which fails signature verification. Included is a patch to fix this issue. diff -Naur OAuth.orig/ OAuth/ --- OAuth.orig/ 2014-01-07 14:20:32.262700000 -0500 +++ OAuth/ 2014-01-07 14:21:21.096353000 -0500 @@ -3,6 +3,7 @@ use strict; use base qw/Net::OAuth::Message/; use URI; +use URI::Escape; use URI::QueryParam; use Net::OAuth; @@ -35,7 +36,7 @@ __PACKAGE__->mk_classdata(signature_elements => [qw/ request_method - normalized_request_url + unescaped_normalized_request_url normalized_message_parameters /]); @@ -78,6 +79,12 @@ return $url; } +sub unescaped_normalized_request_url { + my $self = shift; + my $url = $self->normalized_request_url; + return uri_unescape($url); +} + =head1 NAME

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to