Posted to commits@shindig.apache.org by ch...@apache.org on 2009/07/20 21:27:06 UTC
svn commit: r795965 -
/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
Author: chabotc
Date: Mon Jul 20 19:27:06 2009
New Revision: 795965
URL: http://svn.apache.org/viewvc?rev=795965&view=rev
Log:
SHINDIG-1119 by Eiji Kitamura - Missing opensocial_app_url & improper filtering of the container param
Modified:
incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=795965&r1=795964&r2=795965&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Mon Jul 20 19:27:06 2009
@@ -32,6 +32,7 @@
protected static $OPENSOCIAL_OWNERID = "opensocial_owner_id";
protected static $OPENSOCIAL_VIEWERID = "opensocial_viewer_id";
protected static $OPENSOCIAL_APPID = "opensocial_app_id";
+ protected static $OPENSOCIAL_APPURL = "opensocial_app_url";
protected static $XOAUTH_PUBLIC_KEY = "xoauth_signature_publickey";
protected static $ALLOWED_PARAM_NAME = '^[-_[:alnum:]]+$';
@@ -209,6 +210,10 @@
if ($app != null) {
$msgParams[SigningFetcher::$OPENSOCIAL_APPID] = $app;
}
+ $url = $token->getAppUrl();
+ if ($url != null) {
+ $msgParams[SiginingFetcher::$OPENSOCIAL_APPURL] = $url;
+ }
}
private function addOAuthParams(&$msgParams, SecurityToken $token) {
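Review bot: The added assignment `$msgParams[SiginingFetcher::$OPENSOCIAL_APPURL] = $url;` misspells the class name, so PHP cannot resolve `SiginingFetcher` and will raise a fatal class-not-found error the first time `getAppUrl()` returns a non-null value, presumably aborting the signed fetch. It should read `$msgParams[SigningFetcher::$OPENSOCIAL_APPURL] = $url;`, matching the `SigningFetcher::$OPENSOCIAL_APPID` line just above it. Because the bad line only executes when the token carries an app URL, a test that signs a request with such a token would catch it. The enclosing function starts outside the hunk.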
@@ -243,8 +248,8 @@
private function allowParam($paramName) {
$canonParamName = strtolower($paramName);
// Exclude the fields which are only used to tell the proxy what to do
- // and the fields which should be added by signing the request later on
- if ($canonParamName == "output" || $canonParamName == "httpmethod" || $canonParamName == "authz" || $canonParamName == "st" || $canonParamName == "headers" || $canonParamName == "url" || $canonParamName == "contenttype" || $canonParamName == "postdata" || $canonParamName == "numentries" || $canonParamName == "getsummaries" || $canonParamName == "signowner" || $canonParamName == "signviewer" || $canonParamName == "gadget" || $canonParamName == "bypassspeccache" || substr($canonParamName, 0, 5) == "oauth" || substr($canonParamName, 0, 6) == "xoauth" || substr($canonParamName, 0, 9) == "opensocial") {
+ // and the fields which should be added by signing the request later on
+ if ($canonParamName == "output" || $canonParamName == "httpmethod" || $canonParamName == "authz" || $canonParamName == "st" || $canonParamName == "headers" || $canonParamName == "url" || $canonParamName == "contenttype" || $canonParamName == "postdata" || $canonParamName == "numentries" || $canonParamName == "getsummaries" || $canonParamName == "signowner" || $canonParamName == "signviewer" || $canonParamName == "gadget" || $canonParamName == "bypassspeccache" || substr($canonParamName, 0, 5) == "oauth" || substr($canonParamName, 0, 6) == "xoauth" || substr($canonParamName, 0, 9) == "opensocial" || $canonParamName == "container") {
return false;
}
return true;
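Review bot: The exclusion test in allowParam is one hand-maintained chain of loose `==` comparisons, and this commit exists because `container` was missing from it; a name that slips past is presumably copied into the message that gets signed and forwarded, so omissions matter. Consider holding the exact names in one static array and testing with `in_array($canonParamName, $excluded, true)`, keeping the three `substr` prefix checks separate and strict (`===`). A comment such as `// Must list every parameter the proxy consumes itself; update when a new proxy option is added` would tell the next maintainer where to look. The function's closing brace is outside the hunk.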