Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

When generating the signature to compare, append a trailing &. 

The OAuth spec (http://tools.ietf.org/html/rfc5849#section-3.4.2) states that a & character must be present, even if a token secret is not a part of the request.
This commit is contained in:
Justin Shreve 2015-06-19 15:05:51 +00:00
parent 1e5d508675
commit c43f9157c3
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
includes/api/class-wc-api-authentication.php
View File

@ -264,7 +264,8 @@ class WC_API_Authentication {
$hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) ); $hash_algorithm = strtolower( str_replace( 'HMAC-', '', $params['oauth_signature_method'] ) );
$signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $keys['consumer_secret'], true ) ); $secret = $keys['consumer_secret'] . '&';
$signature = base64_encode( hash_hmac( $hash_algorithm, $string_to_sign, $secret, true ) );
if ( ! hash_equals( $signature, $consumer_signature ) ) { if ( ! hash_equals( $signature, $consumer_signature ) ) {
throw new Exception( __( 'Invalid Signature - provided signature does not match', 'woocommerce' ), 401 ); throw new Exception( __( 'Invalid Signature - provided signature does not match', 'woocommerce' ), 401 );