Posted to commits@shindig.apache.org by ch...@apache.org on 2009/07/20 21:27:06 UTC

svn commit: r795965 - /incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php

Author: chabotc
Date: Mon Jul 20 19:27:06 2009
New Revision: 795965

URL: http://svn.apache.org/viewvc?rev=795965&view=rev
Log:
SHINDIG-1119 by Eiji Kitamura - Missing opensocial_app_url & improper filtering of the container param

Modified:
    incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php

Modified: incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php?rev=795965&r1=795964&r2=795965&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/SigningFetcher.php Mon Jul 20 19:27:06 2009
@@ -32,6 +32,7 @@
   protected static $OPENSOCIAL_OWNERID = "opensocial_owner_id";
   protected static $OPENSOCIAL_VIEWERID = "opensocial_viewer_id";
   protected static $OPENSOCIAL_APPID = "opensocial_app_id";
+  protected static $OPENSOCIAL_APPURL = "opensocial_app_url";
   protected static $XOAUTH_PUBLIC_KEY = "xoauth_signature_publickey";
   protected static $ALLOWED_PARAM_NAME = '^[-_[:alnum:]]+$';
 
@@ -209,6 +210,10 @@
     if ($app != null) {
       $msgParams[SigningFetcher::$OPENSOCIAL_APPID] = $app;
     }
+    $url = $token->getAppUrl();
+    if ($url != null) {
+      $msgParams[SiginingFetcher::$OPENSOCIAL_APPURL] = $url;
+    }
   }
 
   private function addOAuthParams(&$msgParams, SecurityToken $token) {
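Review bot: The added assignment indexes `$msgParams` with `SiginingFetcher::$OPENSOCIAL_APPURL`, which misspells the class name. PHP resolves the class only when the line executes, so the file still parses, but any request whose token returns a non-null app URL would stop with a class-not-found fatal error instead of being signed. The line should read `$msgParams[SigningFetcher::$OPENSOCIAL_APPURL] = $url;`, matching the `SigningFetcher::$OPENSOCIAL_APPID` line just above it. The enclosing method starts outside the hunk.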
@@ -243,8 +248,8 @@
   private function allowParam($paramName) {
     $canonParamName = strtolower($paramName);
     // Exclude the fields which are only used to tell the proxy what to do
-    // and the fields which should be added by signing the request later on
-    if ($canonParamName == "output" || $canonParamName == "httpmethod" || $canonParamName == "authz" || $canonParamName == "st" || $canonParamName == "headers" || $canonParamName == "url" || $canonParamName == "contenttype" || $canonParamName == "postdata" || $canonParamName == "numentries" || $canonParamName == "getsummaries" || $canonParamName == "signowner" || $canonParamName == "signviewer" || $canonParamName == "gadget" || $canonParamName == "bypassspeccache" || substr($canonParamName, 0, 5) == "oauth" || substr($canonParamName, 0, 6) == "xoauth" || substr($canonParamName, 0, 9) == "opensocial") {
+    // and the fields which should be added by signing the request later on
+    if ($canonParamName == "output" || $canonParamName == "httpmethod" || $canonParamName == "authz" || $canonParamName == "st" || $canonParamName == "headers" || $canonParamName == "url" || $canonParamName == "contenttype" || $canonParamName == "postdata" || $canonParamName == "numentries" || $canonParamName == "getsummaries" || $canonParamName == "signowner" || $canonParamName == "signviewer" || $canonParamName == "gadget" || $canonParamName == "bypassspeccache" || substr($canonParamName, 0, 5) == "oauth" || substr($canonParamName, 0, 6) == "xoauth" || substr($canonParamName, 0, 9) == "opensocial" || $canonParamName == "container") {
       return false;
     }
     return true;
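Review bot: The `opensocial` prefix test in the long condition on the added line can never match: `substr($canonParamName, 0, 9)` yields nine characters while the literal `"opensocial"` has ten, so caller-supplied `opensocial_*` names are accepted by allowParam(). The earlier hunk sets `opensocial_app_id` and `opensocial_app_url` only when the token value is non-null, so a caller-provided value could presumably survive into the signed parameter set; confirm against the code outside this hunk. Change the term to `substr($canonParamName, 0, 10) == "opensocial"`. The function's closing brace lies outside the hunk.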