Strip out the special 'p' paramter added by index.php from

$_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the latest version of the OAuth lib.
2010-10-05 01:21:50 +00:00 · 2010-10-05 01:21:50 +00:00 · 06d918d575
parent a54991797d
commit 06d918d575
1 changed files with 10 additions and 3 deletions
--- a/lib/apioauth.php
+++ b/lib/apioauth.php
@ -86,11 +86,18 @@ class ApiOauthAction extends Action
        }

        // strip out the p param added in index.php
-
-        // XXX: should we strip anything else?  Or alternatively
-        // only allow a known list of params?
        unset($_GET['p']);
        unset($_POST['p']);
+        unset($_REQUEST['p']);
+
+        $queryArray = explode('&', $_SERVER['QUERY_STRING']);
+        for ($i = 0; $i < sizeof($queryArray); $i++) {
+            if (substr($queryArray[$i], 0, 1) == 'p=') {
+                unset($queryArray[$i]);
+            }
+        }
+
+        $_SERVER['QUERY_STRING'] = implode('&', $queryString);
    }

    function getCallback($url, $params)