Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(59)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 991045: Add space to the allowed param name for OAuthRequest as decoded value

Can't Edit
Can't Publish+Mail
Start Review
Created:
15 years, 10 months ago by henry.saputra
Modified:
15 years, 10 months ago
Reviewers:
chirag, shindig.remailer
Base URL:
http://svn.apache.org/repos/asf/shindig/trunk/
Visibility:
Public.

Description

The ALLOWED_PARAM_NAME used in OAuthRequest.allowParam to check against parameter name after being decoded from call to Oauth.decodeForm(). So if space is in the query parameter name is encoded correctly with "+" or "%20", eg: submit+job", the call to OAuth.sanitize(List<Parameter> params) will be decoded by OAuth.decodeForm method hence the param name to "submit job" which will cause it to fail pattern match. This query parameter name (with space) is legal since it will be later be encoded when signing the OAuthRequest inside OAuthSignature.getBaseString. Adding space as allowed character in the OAuthRequest.ALLOWED_PARAM_NAME.

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -2 lines) Patch
java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java View 2 chunks +1 line, -2 lines 0 comments Download

Messages

Total messages: 2
henry.saputra
15 years, 10 months ago (2010-05-01 06:55:38 UTC) #1
chirag
15 years, 10 months ago (2010-05-03 18:11:30 UTC) #2 
lgtm
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b