diff options
| author | Zach Copley <zach@status.net> | 2010-10-05 01:21:50 +0000 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2010-10-06 13:39:58 -0700 |
| commit | 06d918d575cfb112b8719b0441548d55e679fe51 (patch) | |
| tree | ca1c78034d6b637339f4826737f30e690879807e /lib | |
| parent | a54991797dc310bbdc7571f999dd006d8405a49e (diff) | |
Strip out the special 'p' paramter added by index.php from
$_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the
latest version of the OAuth lib.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/apioauth.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/apioauth.php b/lib/apioauth.php index 1c87e4232..3f71de0c3 100644 --- a/lib/apioauth.php +++ b/lib/apioauth.php @@ -86,11 +86,18 @@ class ApiOauthAction extends Action } // strip out the p param added in index.php - - // XXX: should we strip anything else? Or alternatively - // only allow a known list of params? unset($_GET['p']); unset($_POST['p']); + unset($_REQUEST['p']); + + $queryArray = explode('&', $_SERVER['QUERY_STRING']); + for ($i = 0; $i < sizeof($queryArray); $i++) { + if (substr($queryArray[$i], 0, 1) == 'p=') { + unset($queryArray[$i]); + } + } + + $_SERVER['QUERY_STRING'] = implode('&', $queryString); } function getCallback($url, $params) |