Subject: Signature failures on urls with special characters - PATCH included
Date: Wed, 8 Jan 2014 08:16:25 -0500
To: bug-Net-OAuth [...] rt.cpan.org
From: Matt Fioravante <fmatthew5876 [...] gmail.com>

There is a bug in Net::OAuth when generating a signature on a URL that has
a special character such as ^.

For the URL www.example.com/^foo, the ^ will get escaped twice. First, the
URI module is used to escape the URL when it is passed to Net::OAuth. The
URL becomes www.example.com/%5Efoo. Then during signature generation, the %
gets escaped a second time, becoming www.example.com/%255Efoo. This doubly
escaped URL is then used to generate the signature, which fails signature
verification.

Included is a patch to fix this issue.

diff -Naur OAuth.orig/Request.pm OAuth/Request.pm
--- OAuth.orig/Request.pm 2014-01-07 14:20:32.262700000 -0500
+++ OAuth/Request.pm 2014-01-07 14:21:21.096353000 -0500
@@ -3,6 +3,7 @@
use strict;
use base qw/Net::OAuth::Message/;
use URI;
+use URI::Escape;
use URI::QueryParam;
use Net::OAuth;
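Review bot: the added `use URI::Escape;` line imports the module's whole default export list (uri_escape, uri_unescape, uri_escape_utf8) into Net::OAuth::Request, while the patch only calls uri_unescape. Suggest `use URI::Escape qw(uri_unescape);` so the class namespace gains only the one function it uses.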
@@ -35,7 +36,7 @@
__PACKAGE__->mk_classdata(signature_elements => [qw/
request_method
- normalized_request_url
+ unescaped_normalized_request_url
normalized_message_parameters
/]);
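Review bot: swapping normalized_request_url for unescaped_normalized_request_url in signature_elements changes the signed string for every request built from this class, on the signing and the verifying path alike, and the patch adds no test to pin that down. A regression test that signs and verifies the report's www.example.com/^foo URL, next to one for a URL with no special characters, would show the change only affects the intended case. It is also worth noting in the change log that a peer still running the unpatched module will compute a different signature for any URL containing a percent-escape.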
@@ -78,6 +79,12 @@
return $url;
}
+sub unescaped_normalized_request_url {
+ my $self = shift;
+ my $url = $self->normalized_request_url;
+ return uri_unescape($url);
+}
+
=head1 NAME
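Review bot: `uri_unescape($url)` in unescaped_normalized_request_url decodes every percent-escape in the URL, not just the one the URI module added, so URLs that differ on the wire (a path segment containing %2F versus a literal /, or %25 versus %) end up as the same signed string. Since the signature is meant to bind the request to one exact URL, it would be safer to avoid escaping an already-escaped URL a second time than to decode the whole URL before signing. The new sub also has no POD entry, although it is now part of signature_elements.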
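The double escaping described in the report, and the effect of applying uri_unescape before signing, as an added example that is not part of the original message or of Net::OAuth. It builds an OAuth 1.0 style signature base string with URI::Escape and Digest::SHA; the helper names, key, parameter string and URLs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);
use Digest::SHA qw(hmac_sha1_base64);

# Percent-encode everything except the unreserved characters.
sub oauth_encode { return uri_escape($_[0], '^A-Za-z0-9\-._~') }

# Base string: METHOD & enc(url) & enc(params). Each element is encoded once here,
# so a URL that already contains %5E comes out as %255E.
sub base_string {
    my ($method, $url, $params) = @_;
    return join '&', map { oauth_encode($_) } uc $method, $url, $params;
}

# Constructed sample values (hypothetical key and parameters).
my $key    = 'consumer_secret&token_secret';
my $params = 'oauth_consumer_key=ck&oauth_nonce=n1&oauth_timestamp=1389186985';
my $raw    = 'http://www.example.com/^foo';      # URL as the caller wrote it
my $sent   = 'http://www.example.com/%5Efoo';    # same URL after the URI module escaped it

my @cases = (
    [ 'raw URL'          => $raw ],
    [ 'escaped URL'      => $sent ],
    [ 'escaped+unescape' => uri_unescape($sent) ],   # what the patch signs
);
for my $case (@cases) {
    my ($name, $url) = @$case;
    my $bs = base_string('GET', $url, $params);
    # Print only the URL element of the base string plus the resulting signature.
    printf "%-17s url=%s\n%17s sig=%s\n", $name, (split /&/, $bs)[1], '',
        hmac_sha1_base64($bs, $key);
}

# Caveat of decoding before signing: two different request URLs sign identically.
my @pair = ('http://www.example.com/a%2Fb', 'http://www.example.com/a/b');
my ($x, $y) = map { base_string('GET', uri_unescape($_), $params) } @pair;
print "\n$pair[0] and $pair[1] ",
    ($x eq $y ? 'share one base string' : 'have distinct base strings'),
    " after uri_unescape\n";
```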