Diffstat (limited to 'actions/remotesubscribe.php')
-rw-r--r-- | actions/remotesubscribe.php | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php
index 3dea07f16..fa7843880 100644
--- a/actions/remotesubscribe.php
+++ b/actions/remotesubscribe.php
@@ -336,10 +336,9 @@ class RemotesubscribeAction extends Action {
 $req->set_parameter('omb_listenee_avatar', $avatar->url);
 }
- $nonce = $this->make_nonce();
-
- $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe',
- array('nonce' => $nonce)));
+ # XXX: add a nonce to prevent replay attacks
+
+ $req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));
 # XXX: test to see if endpoint accepts this signature method
@@ -351,7 +350,7 @@ class RemotesubscribeAction extends Action {
 $omb['token'] = $token;
 $omb['secret'] = $secret;
- $_SESSION[$nonce] = $omb;
+ $_SESSION['oauth_authorization_request'] = $omb;
 # Redirect to authorization service |
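Review bot: The callback built in `$req->set_parameter('oauth_callback', common_local_url('finishremotesubscribe'));` no longer carries any per-request value, so the return to `finishremotesubscribe` is not bound to the request that started it; the `# XXX` comment records the gap but leaves it open. Until a nonce is restored, the finish handler (not part of this diff) should at least compare the returned `oauth_token` with the token saved in the session and reject a mismatch. If a nonce is reintroduced, it should come from a cryptographically secure source and be compared in constant time; `make_nonce()` is not visible here, so whether the removed code met that bar cannot be judged from this hunk. The enclosing method starts and ends outside the hunk.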
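Review bot: `$_SESSION['oauth_authorization_request'] = $omb;` uses one fixed key, so a second remote-subscribe started in the same session silently overwrites the first request's token and secret, and a returning callback is processed against whichever request was stored last. The finish handler (outside this diff) should verify that the returned token equals the stored `$omb['token']` and call `unset($_SESSION['oauth_authorization_request'])` once the entry has been consumed, so a stale or repeated callback cannot reuse it. A comment on this line such as `# one pending request per session; finishremotesubscribe must check the token and clear this entry` would make the assumption explicit. The enclosing method extends beyond the hunk.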