Merge pull request #154 from WP-API/urlencode-arrays

rmccue · web-flow · commit 3872b95a005a · 2016-07-16T16:21:49.000+01:00
Fix creating signature with arrays in the URL
diff --git a/lib/class-wp-rest-oauth1.php b/lib/class-wp-rest-oauth1.php
@@ -662,7 +662,7 @@ public function check_oauth_signature( $consumer, $oauth_params, $token = null )
 		if ( substr( $request_path, 0, strlen( $wp_base ) ) === $wp_base ) {
 			$request_path = substr( $request_path, strlen( $wp_base ) );
 		}
-		$base_request_uri = rawurlencode( get_home_url( null, $request_path ) );
+		$base_request_uri = self::urlencode_rfc3986( get_home_url( null, $request_path ) );
 
 		// get the signature provided by the consumer and remove it from the parameters prior to checking the signature
 		$consumer_signature = rawurldecode( $params['oauth_signature'] );
@@ -733,10 +733,10 @@ public function join_with_equals_sign( $params, $query_params = array(), $key =
 				$query_params = $this->join_with_equals_sign( $param_value, $query_params, $param_key );
 			} else {
 				if ( $key ) {
-					$param_key = $key . '[' . $param_key . ']'; // Handle multi-dimensional array
+					$param_key = $key . '%5B' . $param_key . '%5D'; // Handle multi-dimensional array
 				}
 				$string = $param_key . '=' . $param_value; // join with equals sign
-				$query_params[] = urlencode( $string );
+				$query_params[] = self::urlencode_rfc3986($string );
 			}
 		}
 		return $query_params;
@@ -752,8 +752,8 @@ public function join_with_equals_sign( $params, $query_params = array(), $key =
 	 * @param string $value
 	 */
 	protected function normalize_parameters( &$key, &$value ) {
-		$key = rawurlencode( rawurldecode( $key ) );
-		$value = rawurlencode( rawurldecode( $value ) );
+		$key = self::urlencode_rfc3986( rawurldecode( $key ) );
+		$value = self::urlencode_rfc3986( rawurldecode( $value ) );
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -662,7 +662,7 @@ public function check_oauth_signature( $consumer, $oauth_params, $token = null )`
`662`	`662`	`if ( substr( $request_path, 0, strlen( $wp_base ) ) === $wp_base ) {`
`663`	`663`	`$request_path = substr( $request_path, strlen( $wp_base ) );`
`664`	`664`	`}`
`665`		`- $base_request_uri = rawurlencode( get_home_url( null, $request_path ) );`
	`665`	`+ $base_request_uri = self::urlencode_rfc3986( get_home_url( null, $request_path ) );`
`666`	`666`
`667`	`667`	`// get the signature provided by the consumer and remove it from the parameters prior to checking the signature`
`668`	`668`	`$consumer_signature = rawurldecode( $params['oauth_signature'] );`
`@@ -733,10 +733,10 @@ public function join_with_equals_sign( $params, $query_params = array(), $key =`
`733`	`733`	`$query_params = $this->join_with_equals_sign( $param_value, $query_params, $param_key );`
`734`	`734`	`} else {`
`735`	`735`	`if ( $key ) {`
`736`		`- $param_key = $key . '[' . $param_key . ']'; // Handle multi-dimensional array`
	`736`	`+ $param_key = $key . '%5B' . $param_key . '%5D'; // Handle multi-dimensional array`
`737`	`737`	`}`
`738`	`738`	`$string = $param_key . '=' . $param_value; // join with equals sign`
`739`		`- $query_params[] = urlencode( $string );`
	`739`	`+ $query_params[] = self::urlencode_rfc3986($string );`
`740`	`740`	`}`
`741`	`741`	`}`
`742`	`742`	`return $query_params;`
`@@ -752,8 +752,8 @@ public function join_with_equals_sign( $params, $query_params = array(), $key =`
`752`	`752`	`* @param string $value`
`753`	`753`	`*/`
`754`	`754`	`protected function normalize_parameters( &$key, &$value ) {`
`755`		`- $key = rawurlencode( rawurldecode( $key ) );`
`756`		`- $value = rawurlencode( rawurldecode( $value ) );`
	`755`	`+ $key = self::urlencode_rfc3986( rawurldecode( $key ) );`
	`756`	`+ $value = self::urlencode_rfc3986( rawurldecode( $value ) );`
`757`	`757`	`}`
`758`	`758`
`759`	`759`	`/**`