Login

    Register

Managed Hosting

PROJECT CATEGORIES

 

OAuth
Project Home Wiki Known Issues Contact Project

OAuth Issue: Fatal Bug - Was not fixed

Name: Fatal Bug - Was not fixed
ID: 4
Project: OAuth
Type: Bug
Area: Administration
Severity: High
Status: Fixed
Related URL:
Creator: Peter Coppinger
Created: 01/11/11 1:49 PM
Updated: 01/12/11 5:51 AM
Description: Hi Guys,

The bug mentioned in the this reported issue is NOT FIXED in the latest download:
http://oauth.riaforge.org/index.cfm?event=page.issue&issueid=807B98E4-AD6C-2BF3-B75D3F017BA17A1C

It took me 2 hours to track down the problem and I think I lost some hair. After I fixed it, I noticed that Philip Kaplan had reported the same fix but it is not in the latest download from RiaForge or the version listed here: http://oauth.googlecode.com/svn/code/coldfusion/

As Philip notes, commenting out line 307 in OAUTHREQUEST.CFC will fix this:
<cfset stDefault["oauth_timestamp"] = generateTimestamp()>

It caused the oauth_timestamp to be something like "1.0&oauth_timestamp=1.0" instead of just "1.0" whichin turn gets mixed into the hash, making the hash invalid.

Hope you release the fix and save people hair. Thanks for a great library all the same. Will be using on www.teamworkpm.net
History: Created by Topper (Peter Coppinger) : 01/11/11 1:49 PM

Comment by hklein (Harry Klein) : 01/12/11 5:50 AM
Fixed in Version 0.9.6 - Thanks Peter

Updated by hklein (Harry Klein) : 01/12/11 5:51 AM

To add a comment to this bug, please login using the link above.