author | Evan Prodromou <evan@prodromou.name> | 2008-06-02 16:17:07 -0400 |
---|---|---|
committer | Evan Prodromou <evan@prodromou.name> | 2008-06-02 16:17:07 -0400 |
commit | e103c8b6ea2d06cc15e1f8571936b6a2971fe4fa (patch) | |
tree | 5bab20f9a50b83a52199ae497673fee0f324b994 /actions/remotesubscribe.php | |
parent | 7b24d101c07ba40b5c8b648bdca0cd6d16ad15f1 (diff) |
get rid of callback nonce
darcs-hash:20080602201707-84dde-400855b57fcf01e597494143cc78092351043b91.gz
Diffstat (limited to 'actions/remotesubscribe.php')
-rw-r--r-- | actions/remotesubscribe.php | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index 3dea07f16..fa7843880 100644
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -336,10 +336,9 @@ class RemotesubscribeAction extends Action {
 $req->set_parameter('omb_listenee_avatar', $avatar->url);
 }
- $nonce = $this->make_nonce();
-
- $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe',
- array('nonce' => $nonce)));
+ # XXX: add a nonce to prevent replay attacks
+
+ $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));
 # XXX: test to see if endpoint accepts this signature method
@@ -351,7 +350,7 @@ class RemotesubscribeAction extends Action {
 $omb['token'] = $token;
 $omb['secret'] = $secret;
- $_SESSION[$nonce] = $omb;
+ $_SESSION['oauth_authorization_request'] = $omb;
 # Redirect to authorization service |
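Review bot: The `oauth_callback` built in the first hunk no longer carries any per-request value, so nothing visible here lets the `finishremotesubscribe` handler tell the callback for this request apart from a replayed or unsolicited one. The `# XXX` comment records the gap but not what closes it. I would make it actionable, for example `# XXX: callback is not bound to this request; store a single-use random value in $omb, echo it in oauth_callback, and have finishremotesubscribe compare and discard it`. Whether the handler already checks the returned request token against the stored `$omb['token']` cannot be seen from this hunk, and the enclosing method starts and ends outside it.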
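Review bot: Keeping the pending request under the fixed key `'oauth_authorization_request'` in the second hunk means a second remote subscription started in the same session silently overwrites the first. The stored token and secret also stay usable for the life of the session unless the finish handler removes them. A comment at the assignment would document the constraint, for example `# one pending request per session; finishremotesubscribe must unset this entry once it has been consumed`. The handler is not shown here, so whether it already clears the entry is unknown, and the method body continues past the end of the hunk.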