Subject: all query string values should be uri escaped.
Currently, four parameters will be returned from the sign() method
unescaped: email, ts, token, and sig.
This causes a problem, most notably in the sig param due to the fact
that "=" signs go unescaped and some uri parsers use that as the
key/value delimiter.
Attached is a patch that will uri escape all values.
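The failure described in the report, as an added example that is not part of the original ticket and is not Authen::TypeKey code. It uses Python's urllib as a stand-in for the receiving side, and also shows a second effect beyond the "=" case in the report: a standard form decoder turns an unescaped "+" in the base64 text into a space. All parameter values and the `naive_parse` helper are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, quote, unquote

# Constructed r and s bytes, chosen so the base64 text contains '+', '/' and '='.
SIG = (base64.b64encode(b"\xfb\xff").decode() + ":" +
       base64.b64encode(b"\xff\xfe\xfd\xfc").decode())


def build_query(params, escape):
    """Join key=value pairs with '&', percent-encoding values only if asked."""
    enc = (lambda v: quote(v, safe="")) if escape else (lambda v: v)
    return "&".join(f"{k}={enc(v)}" for k, v in params.items())


def naive_parse(qs):
    """Hypothetical parser that treats every '=' as a key/value delimiter."""
    out = {}
    for pair in qs.split("&"):
        fields = pair.split("=")  # no split limit: the value is cut at '='
        out[fields[0]] = unquote(fields[1]) if len(fields) > 1 else ""
    return out


def survives(sig, escape):
    """Report whether sig comes back unchanged from each parser."""
    params = {  # constructed sample values
        "email": "user@example.com",
        "ts": "1187208425",
        "token": "constructedtoken",
        "sig": sig,
    }
    qs = build_query(params, escape)
    return {
        "parse_qs": parse_qs(qs, keep_blank_values=True)["sig"][0] == sig,
        "naive": naive_parse(qs)["sig"] == sig,
    }


if __name__ == "__main__":
    print("sig value:", SIG)
    print("unescaped:", survives(SIG, escape=False))
    print("escaped:  ", survives(SIG, escape=True))
```

A verifier that receives the unescaped form checks a different sig string than the one that was generated, so verification fails even though nothing was tampered with.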
Subject: Sign.pm.patch
--- lib/Authen/TypeKey/Sign.pm.orig 2007-08-15 17:06:48.000000000 -0300
+++ lib/Authen/TypeKey/Sign.pm 2007-08-15 17:07:05.000000000 -0300
@@ -85,7 +85,7 @@
my $s = MIME::Base64::encode_base64(mp2bin($sig->s()),'');
$in->{sig} = "$r:$s";
my @qs = map { "$_=".encode_url($in->{$_}||'') } qw( name nick );
- push(@qs, map { "$_=".$in->{$_} }
+ push(@qs, map { "$_=".encode_url($in->{$_}) }
grep { defined($in->{$_}) }
qw( email ts token sig ));
join('&',@qs);
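Review bot: The changed push line now escapes email, ts, token and sig, but the patch carries no documentation update or test for the new output. Because sign() returns these four values escaped after this change, a caller that already escapes them itself would double-encode; note the change in the module's POD and add a test that parses the returned string and checks that sig decodes back to "$r:$s". The name/nick line above uses $in->{$_}||'' while this one relies on grep { defined(...) }, which is fine, but a short comment saying why the two groups are treated differently would help the next reader.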