From e103c8b6ea2d06cc15e1f8571936b6a2971fe4fa Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Mon, 2 Jun 2008 16:17:07 -0400
Subject: get rid of callback nonce darcs-hash:20080602201707-84dde-400855b57fcf01e597494143cc78092351043b91.gz
---
 actions/remotesubscribe.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'actions/remotesubscribe.php')
diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index 3dea07f16..fa7843880 100644
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -336,10 +336,9 @@ class RemotesubscribeAction extends Action {
 $req->set_parameter('omb_listenee_avatar', $avatar->url);
 }
- $nonce = $this->make_nonce();
-
- $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe',
- array('nonce' => $nonce)));
+ # XXX: add a nonce to prevent replay attacks
+
+ $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));
 # XXX: test to see if endpoint accepts this signature method
@@ -351,7 +350,7 @@ class RemotesubscribeAction extends Action {
 $omb['token'] = $token;
 $omb['secret'] = $secret;
- $_SESSION[$nonce] = $omb;
+ $_SESSION['oauth_authorization_request'] = $omb;
 # Redirect to authorization service
-- 
cgit v1.2.3-54-g00ecf
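Review bot: The `oauth_callback` built in the first hunk (`@@ -336,10 +336,9 @@`) no longer carries any per-request value, so nothing visible here ties the provider's redirect back to the authorization request this action started. The added `# XXX: add a nonce to prevent replay attacks` records the gap but not what has to hold until it is closed. The removed code put the nonce in the callback URL and also used it as the session key, which presumably let finishremotesubscribe ignore a callback it had not issued; that handler is outside this diff, so confirm it compares the returned `oauth_token` with the stored `$omb['token']` and discards the session entry after one use. I would make the comment state that requirement, e.g. `# XXX: callback is not bound to this request; finishremotesubscribe must match the returned oauth_token against the stored request token and clear it after use`. The enclosing method begins and ends outside the hunk.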
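Review bot: In the second hunk (`@@ -351,7 +350,7 @@`) `$_SESSION['oauth_authorization_request'] = $omb;` uses one fixed key for every attempt, so a second remote subscription started in the same session overwrites the first request's token and secret, and the first callback to return would presumably be completed against whatever was stored last. Keying the entry by the request token keeps concurrent attempts apart and gives the finish handler an exact record to look up: `$_SESSION['oauth_authorization_request'][$token] = $omb;`, with the reader in finishremotesubscribe (not shown here) indexing by the returned token and calling `unset()` on the entry once it is consumed. The request-token secret also stays in the session until something removes it, so the error paths should clear it as well. Only part of the surrounding method is visible in this hunk.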