Signature verification fails when request parameter contains a percent sign

Issue #168 new
Bernhard Schandl
created an issue

OAuthRequest._split_url_string() unquotes parameters found in the URL string. However, when parameters are passed via QUERY_STRING they are already unquoted. This leads to problems when the original request parameter contains percent signs, which are mistakingly double-unquoted.

Comments (1)

  1. Bernhard Schandl reporter

    From what I can see cgi.parse_qs() already does the unquoting:

    >>> import cgi
    >>> cgi.parse_qs('q=abc%20def&s=abc%def&r=abc%25def')
    {'q': ['abc def'], 's': ['abc\xdef'], 'r': ['abc%def']}
  2. Log in to comment