Changeset ee84bdb

Timestamp:

2010-04-27T22:11:11Z (15 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

18dbb20

Parents:

288b215

Message:

The escaping, I fixed it for you. More expensive code this way and most of
the vars don't need escaping. But this shouldn't be so fragile anymore.

File:

• lib/oauth.c (modified) (7 diffs)

lib/oauth.c

@@ -101 +101 @@
         sha1_finish( &sha1, hash );
         
-        /* base64_encode it and we're done. */
-        return base64_encode( hash, sha1_hash_size );
+        /* base64_encode + HTTP escape it (both consumers 
+           need it that away) and we're done. */
+        s = base64_encode( hash, sha1_hash_size );
+        s = g_realloc( s, strlen( s ) * 3 + 1 );
+        http_encode( s );
+        
+        return s;
 }
 
@@ -108 +113 @@
 {
         unsigned char bytes[9];
-        char *ret;
         
         random_bytes( bytes, sizeof( bytes ) );
-        ret = base64_encode( bytes, sizeof( bytes ) );
-        ret = g_realloc( ret, strlen( ret ) * 3 + 1 );
-        http_encode( ret );
-        
-        return ret;
+        return base64_encode( bytes, sizeof( bytes ) );
 }
 
@@ -167 +167 @@
 static void oauth_params_parse( GSList **params, char *in )
 {
-        char *amp, *eq;
+        char *amp, *eq, *s;
         
         while( in && *in )
@@ -179 +179 @@
                         *amp = '\0';
                 
-                oauth_params_add( params, in, eq + 1 );
+                s = g_strdup( eq + 1 );
+                http_decode( s );
+                oauth_params_add( params, in, s );
+                g_free( s );
                 
                 *eq = '=';
@@ -206 +209 @@
         for( l = params; l; l = l->next )
         {
-                g_string_append( str, l->data );
+                char *s, *eq;
+                
+                s = g_malloc( strlen( l->data ) * 3 + 1 );
+                strcpy( s, l->data );
+                if( ( eq = strchr( s, '=' ) ) )
+                        http_encode( eq + 1 );
+                g_string_append( str, s );
+                g_free( s );
+                
                 if( l->next )
                         g_string_append_c( str, '&' );
@@ -254 +265 @@
         
         s = oauth_sign( "POST", url, params_s, NULL );
-        s = g_realloc( s, strlen( s ) * 3 + 1 );
-        http_encode( s );
-        
         post = g_strdup_printf( "%s&oauth_signature=%s", params_s, s );
         g_free( params_s );
@@ -390 +398 @@
         params_s = oauth_params_string( params );
         sig = oauth_sign( method, url, params_s, token_secret );
+        g_string_append_printf( ret, "oauth_signature=\"%s\"", sig );
         g_free( params_s );
-        sig = g_realloc( sig, strlen( sig ) * 3 + 1 );
-        http_encode( sig );
-        
-        g_string_append_printf( ret, "oauth_signature=\"%s\"", sig );
         
 err: