Uploaded image for project: 'Shindig'
  1. Shindig
  2. SHINDIG-1404

Additional double decoding of Security Token

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-RC2
    • Component/s: PHP
    • Labels:
      None

      Description

      I found another double decoding of the security token in php shindig, which is still there in the current revision (see SHINDIG-966):

      — - 2010-08-09 16:35:38.000000000 +0200
      +++ php/src/gadgets/GadgetContext.php 2010-07-30 13:46:20.000000000 +0200
      @@ -285,9 +285,6 @@

      • @return SecurityToken An object representation of the token data.
        */
        public function validateToken($token, $signer) {
      • if (count(explode(':', $token)) < 7) { - $token = urldecode(base64_decode($token)); - }

        if (empty($token))

        { throw new Exception("Missing or invalid security token"); }

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bhofmann Bastian Hofmann
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: