Skip to content

Commit 6f11d03

Browse files
sblazsblaz
committed
Merge pull request WP-API#65 from BuzzMyVideosDev:feature/issue-64-incorrect-oauth-signature-creation
2 parents 38a1082 + f6036f3 commit 6f11d03

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

lib/class-wp-json-authentication-oauth1.php

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -557,7 +557,7 @@ protected function check_oauth_signature( $consumer, $oauth_params, $token = nul
557557
if (substr($request_uri_path, 0, strlen($home_url_path)) == $home_url_path) {
558558
$request_uri_path = substr($request_uri_path, strlen($home_url_path));
559559
}
560-
$base_request_uri = rawurlencode( get_home_url( null, $request_uri_path ) );
560+
$base_request_uri = get_home_url( null, $request_uri_path );
561561

562562
// get the signature provided by the consumer and remove it from the parameters prior to checking the signature
563563
$consumer_signature = rawurldecode( $params['oauth_signature'] );
@@ -573,7 +573,7 @@ protected function check_oauth_signature( $consumer, $oauth_params, $token = nul
573573
$query_string = $this->create_signature_string( $params );
574574

575575
$token = (array) $token;
576-
$string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string;
576+
$string_to_sign = $http_method . '&' . rawurlencode( $base_request_uri ) . '&' . rawurlencode( $query_string );
577577
$key_parts = array(
578578
$consumer->secret,
579579
( $token ? $token['secret'] : '' )
@@ -610,7 +610,7 @@ protected function check_oauth_signature( $consumer, $oauth_params, $token = nul
610610
* @return string Signature string
611611
*/
612612
public function create_signature_string( $params ) {
613-
return implode( '%26', $this->join_with_equals_sign( $params ) ); // join with ampersand
613+
return implode( '&', $this->join_with_equals_sign( $params ) ); // join with ampersand
614614
}
615615

616616
/**
@@ -630,8 +630,8 @@ public function join_with_equals_sign( $params, $query_params = array(), $key =
630630
if ( $key ) {
631631
$param_key = $key . '[' . $param_key . ']'; // Handle multi-dimensional array
632632
}
633-
$string = $param_key . '=' . $param_value; // join with equals sign
634-
$query_params[] = urlencode( $string );
633+
$string = rawurlencode( $param_key ) . '=' . rawurlencode( $param_value ); // join with equals sign
634+
$query_params[] = $string;
635635
}
636636
}
637637
return $query_params;

0 commit comments

Comments
 (0)