Issue #168 new

Signature verification fails when request parameter contains a percent sign

bes
created an issue

OAuthRequest._split_url_string() unquotes parameters found in the URL string. However, when parameters are passed via QUERY_STRING they are already unquoted. This leads to problems when the original request parameter contains percent signs, which are mistakingly double-unquoted.

Comments (1)

  1. bes reporter

    From what I can see cgi.parse_qs() already does the unquoting:

    >>> import cgi
    >>> cgi.parse_qs('q=abc%20def&s=abc%def&r=abc%25def')
    {'q': ['abc def'], 's': ['abc\xdef'], 'r': ['abc%def']}
    
  2. Log in to comment