Max Rice
2d974987dc
Check strings using hash_equals
time-constant string comparison to prevent timing attacks
2015-01-19 00:34:09 -05:00
Max Rice
512d77fb4c
code standards
2015-01-19 00:33:38 -05:00
shivapoudel
e6f6bcf368
Absolute path fix for REST API v2
2014-09-21 01:09:20 +05:45
Mike Jolley
021a889e66
Merge pull request #5277 from maxrice/rest-api-fix-5207
Allow query string fallback for REST API SSL authentication
2014-04-07 10:13:55 +01:00
Max Rice
09451855f2
Allow query string fallback for REST API SSL auth
In some environments, the PHP_AUTH_USER/PW server vars are empty which
prevents SSL authentication from working properly. This commit allows
the use of a query string fallback (e.g.
`?consumer_key=123&consumer_secret=abc`) for providing credentials over
SSL.
Fixes #5207
2014-04-04 14:24:14 -04:00
Max Rice
1dd24501f5
Remove unnecessary OAuth code
The parameters provided to the API endpoints only contain the
parameters specified in the method signature so there’s no need to
strip out the OAuth params.
2014-04-04 14:22:06 -04:00
Max Rice
1c437bdeb8
API: double-encode percent symbols when normalizing parameters
2014-04-03 16:56:26 -04:00
Max Rice
853520d40b
API: normalize both key and value before calculating OAuth signature
The OAuth spec indicates that the full query string should be URL
encoded. The array_walk method does not change keys so when used with a
parameter like `filter[period]=week`, the key is not properly encoded.
This fixes that by properly encoding both the key and value.
2014-04-03 16:11:51 -04:00
Max Rice
9f463e4644
code standards
2014-04-03 16:10:08 -04:00
Gerhard
30c1486aa7
REST API OAuth signature issue fix when using filter params
2014-02-14 13:26:31 +02:00
Mike Jolley
f504243b56
Update timestamp check. Closes #4409
2014-01-08 13:40:06 +00:00
Gerhard
8e2bc1cebc
remove hardcoded api reference, use WooCommerce_api_url instead
2013-12-06 16:57:44 +02:00
Gerhard
5b27f37c23
Fix issue where OAuth signature is wrong when running site from a subfolder #4055
2013-12-06 15:07:42 +02:00
Ryan McCue
ff6f2e070e
Use correct variable for OAuth parameter check
2013-11-26 11:19:00 +10:00
Max Rice
38be2ee7a4
Perform core authentication at 0 priority
Makes it easier for plugins to override the core API authentication
Part of #4055
2013-11-23 13:28:26 -05:00
Max Rice
ef22f03275
Add API key-specific permission check
Part of #4055
2013-11-19 03:04:00 -05:00
Max Rice
61fb0f760a
Update authentication to use new API key meta names
Part of #4055
2013-11-19 03:03:39 -05:00
Max Rice
00c65b9cc3
Add site timezone to API index
2013-11-10 19:30:59 -05:00
Max Rice
c3fa52b0b5
Update API classes to use new WC_API_Server class
2013-11-06 01:54:19 -05:00
Max Rice
45fa450760
Add REST API authentication class
2013-11-03 20:06:28 -05:00