From e013c06346fd6ad95e7b00a3833a66e6b47d8f44 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 10 Jun 2008 08:30:02 -0400 Subject: [PATCH] undo fancy URLs for omb endpoints The OAuth library uses the $_GET and $_POST arrays for checking signatures on requests. So, we need to make sure that the client sees the same request parameters as the server (or callback). These don't have to be particularly readable URLs, anyways, since they're mostly "behind the scenes". darcs-hash:20080610123002-84dde-0bce005b77d053d22cfbba8e0743af1b49f151bb.gz --- actions/remotesubscribe.php | 1 + htaccess.sample | 8 -------- lib/util.php | 9 --------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index 64299e27a2..d00d48f9e4 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -308,6 +308,7 @@ class RemotesubscribeAction extends Action { # store all our info here $omb['listenee'] = $user->nickname; + $omb['listener'] = omb_local_id($omb[OAUTH_ENDPOINT_REQUEST]); $omb['token'] = $token; $omb['secret'] = $secret; # call doesn't work after bounce back so we cache; maybe serialization issue...? diff --git a/htaccess.sample b/htaccess.sample index 0bd7b99077..604326fe88 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -15,14 +15,6 @@ RewriteRule ^main/register$ index.php?action=register [L,QSA] RewriteRule ^main/subscribe$ index.php?action=subscribe [L,QSA] RewriteRule ^main/unsubscribe$ index.php?action=unsubscribe [L,QSA] -RewriteRule ^omb/accesstoken$ index.php?action=accesstoken [L,QSA] -RewriteRule ^omb/requesttoken$ index.php?action=requesttoken [L,QSA] -RewriteRule ^omb/postnotice$ index.php?action=postnotice [L,QSA] -RewriteRule ^omb/subscribe$ index.php?action=remotesubscribe [L,QSA] -RewriteRule ^omb/finish$ index.php?action=finishremotesubscribe [L,QSA] -RewriteRule ^omb/updateprofile$ index.php?action=updateprofile [L,QSA] -RewriteRule ^omb/userauthorization$ index.php?action=userauthorization [L,QSA] - RewriteRule ^settings/avatar$ index.php?action=avatar [L,QSA] RewriteRule ^settings/password$ index.php?action=password [L,QSA] RewriteRule ^settings/profile$ index.php?action=profilesettings [L,QSA] diff --git a/lib/util.php b/lib/util.php index 900fd9a580..7d27c10905 100644 --- a/lib/util.php +++ b/lib/util.php @@ -494,15 +494,6 @@ function common_fancy_url($action, $args=NULL) { case 'subscribe': case 'unsubscribe': return common_path('main/'.$action); - case 'accesstoken': - case 'requesttoken': - case 'postnotice': - case 'userauthorization': - return common_path('omb/'.$action); - case 'remotesubscribe': - return common_path('omb/subscribe'); - case 'finishremotesubscribe': - return common_path('omb/finish'); case 'avatar': case 'password': return common_path('settings/'.$action); -- 2.39.5