POST parameters not properly handled

Issue #174 new
brett
created an issue

In authentication.py initialize_server_request() the request parameters are not properly handled.

First, parameters in a POST request should only be passed to OAuthRequest if Content-Type == application/x-www-form-urlencoded.

Second, the conditional logic at the top of the method creates a variable called params, that is never used. Instead request.REQUEST.items() is passed to the OAuthRequest constructor. This is very BAD!!!

It causes POST requests that have multipart/form-data to not be validated correctly. Not to mention everything blows up if you're trying to upload a file!

The fix is to uncomment the check for application/x-www-form-urlencoded, and pass the variable params into the OAuthRequest constructor.

Comments (0)

  1. Log in to comment