Skip to content

Commit

Permalink
lib updated as well
Browse files Browse the repository at this point in the history
  • Loading branch information
@newash
newash committed Oct 2, 2015
1 parent b896e07 commit 2a1d28e
Show file tree
Hide file tree
Showing 4 changed files with 128 additions and 4,004 deletions.
5 changes: 2 additions & 3 deletions eztettem-twitterfollow.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,11 +71,10 @@ public function admin_callback( $args ) {
*/
public function update_cron( $old_value, $value ) {
if( $old_value === $value ) return;
if( $value ) {
if( $value )
wp_schedule_event( time(), 'hourly', self::CRON_EVENT );
} else {
else
wp_clear_scheduled_hook( self::CRON_EVENT );
}
}

/**
Expand Down
123 changes: 50 additions & 73 deletions lib/OAuth.php
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
<?php
// vim: foldmethod=marker

namespace Abraham\TwitterOAuth\OAuth;

/* Generic exception class
*/
// if (!class_exists('OAuthException', false)) {
class OAuthException extends \Exception {
if (!class_exists('OAuthException')) {
class OAuthException extends Exception {
// pass
}
// }
}

class OAuthConsumer {
public $key;
Expand Down Expand Up @@ -89,23 +87,7 @@ abstract public function build_signature($request, $consumer, $token);
*/
public function check_signature($request, $consumer, $token, $signature) {
$built = $this->build_signature($request, $consumer, $token);

// Check for zero length, although unlikely here
if (strlen($built) == 0 || strlen($signature) == 0) {
return false;
}

if (strlen($built) != strlen($signature)) {
return false;
}

// Avoid a timing leak with a (hopefully) time insensitive compare
$result = 0;
for ($i = 0; $i < strlen($signature); $i++) {
$result |= ord($built{$i}) ^ ord($signature{$i});
}

return $result == 0;
return $built == $signature;
}
}

Expand Down Expand Up @@ -238,16 +220,16 @@ public function check_signature($request, $consumer, $token, $signature) {
}

class OAuthRequest {
protected $parameters;
protected $http_method;
protected $http_url;
private $parameters;
private $http_method;
private $http_url;
// for debug purposes
public $base_string;
public static $version = '1.0';
public static $POST_INPUT = 'php://input';

function __construct($http_method, $http_url, $parameters=NULL) {
$parameters = ($parameters) ? $parameters : array();
@$parameters or $parameters = array();
$parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
$this->parameters = $parameters;
$this->http_method = $http_method;
Expand All @@ -262,12 +244,12 @@ public static function from_request($http_method=NULL, $http_url=NULL, $paramete
$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
? 'http'
: 'https';
$http_url = ($http_url) ? $http_url : $scheme .
'://' . $_SERVER['SERVER_NAME'] .
@$http_url or $http_url = $scheme .
'://' . $_SERVER['HTTP_HOST'] .
':' .
$_SERVER['SERVER_PORT'] .
$_SERVER['REQUEST_URI'];
$http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];
@$http_method or $http_method = $_SERVER['REQUEST_METHOD'];

// We weren't handed any parameters, so let's find the ones relevant to
// this request.
Expand All @@ -283,9 +265,8 @@ public static function from_request($http_method=NULL, $http_url=NULL, $paramete
// It's a POST request of the proper content-type, so parse POST
// parameters and add those overriding any duplicates from GET
if ($http_method == "POST"
&& isset($request_headers['Content-Type'])
&& strstr($request_headers['Content-Type'],
'application/x-www-form-urlencoded')
&& @strstr($request_headers["Content-Type"],
"application/x-www-form-urlencoded")
) {
$post_data = OAuthUtil::parse_parameters(
file_get_contents(self::$POST_INPUT)
Expand All @@ -295,7 +276,7 @@ public static function from_request($http_method=NULL, $http_url=NULL, $paramete

// We have a Authorization-header with OAuth data. Parse the header
// and add those overriding any duplicates from GET or POST
if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
$header_parameters = OAuthUtil::split_header(
$request_headers['Authorization']
);
Expand All @@ -311,7 +292,7 @@ public static function from_request($http_method=NULL, $http_url=NULL, $paramete
* pretty much a helper function to set up the request
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
$parameters = ($parameters) ? $parameters : array();
@$parameters or $parameters = array();
$defaults = array("oauth_version" => OAuthRequest::$version,
"oauth_nonce" => OAuthRequest::generate_nonce(),
"oauth_timestamp" => OAuthRequest::generate_timestamp(),
Expand Down Expand Up @@ -401,10 +382,12 @@ public function get_normalized_http_method() {
public function get_normalized_http_url() {
$parts = parse_url($this->http_url);

$scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http';
$port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80');
$host = (isset($parts['host'])) ? strtolower($parts['host']) : '';
$path = (isset($parts['path'])) ? $parts['path'] : '';
$port = @$parts['port'];
$scheme = $parts['scheme'];
$host = $parts['host'];
$path = @$parts['path'];

$port or $port = ($scheme == 'https') ? '443' : '80';

if (($scheme == 'https' && $port != '443')
|| ($scheme == 'http' && $port != '80')) {
Expand Down Expand Up @@ -437,7 +420,7 @@ public function to_postdata() {
*/
public function to_header($realm=null) {
$first = true;
if($realm) {
if($realm) {
$out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
$first = false;
} else
Expand Down Expand Up @@ -588,10 +571,9 @@ private function get_version(&$request) {
/**
* figure out the signature with some defaults
*/
private function get_signature_method($request) {
$signature_method = $request instanceof OAuthRequest
? $request->get_parameter("oauth_signature_method")
: NULL;
private function get_signature_method(&$request) {
$signature_method =
@$request->get_parameter("oauth_signature_method");

if (!$signature_method) {
// According to chapter 7 ("Accessing Protected Ressources") the signature-method
Expand All @@ -613,11 +595,8 @@ private function get_signature_method($request) {
/**
* try to find the consumer for the provided request's consumer key
*/
private function get_consumer($request) {
$consumer_key = $request instanceof OAuthRequest
? $request->get_parameter("oauth_consumer_key")
: NULL;

private function get_consumer(&$request) {
$consumer_key = @$request->get_parameter("oauth_consumer_key");
if (!$consumer_key) {
throw new OAuthException("Invalid consumer key");
}
Expand All @@ -633,11 +612,8 @@ private function get_consumer($request) {
/**
* try to find the token for the provided request's token key
*/
private function get_token($request, $consumer, $token_type="access") {
$token_field = $request instanceof OAuthRequest
? $request->get_parameter('oauth_token')
: NULL;

private function get_token(&$request, $consumer, $token_type="access") {
$token_field = @$request->get_parameter('oauth_token');
$token = $this->data_store->lookup_token(
$consumer, $token_type, $token_field
);
Expand All @@ -651,14 +627,10 @@ private function get_token($request, $consumer, $token_type="access") {
* all-in-one function to check the signature on a request
* should guess the signature method appropriately
*/
private function check_signature($request, $consumer, $token) {
private function check_signature(&$request, $consumer, $token) {
// this should probably be in a different method
$timestamp = $request instanceof OAuthRequest
? $request->get_parameter('oauth_timestamp')
: NULL;
$nonce = $request instanceof OAuthRequest
? $request->get_parameter('oauth_nonce')
: NULL;
$timestamp = @$request->get_parameter('oauth_timestamp');
$nonce = @$request->get_parameter('oauth_nonce');

$this->check_timestamp($timestamp);
$this->check_nonce($consumer, $token, $nonce, $timestamp);
Expand Down Expand Up @@ -748,7 +720,7 @@ function new_access_token($token, $consumer, $verifier = null) {
class OAuthUtil {
public static function urlencode_rfc3986($input) {
if (is_array($input)) {
return array_map(array(__NAMESPACE__ . '\OAuthUtil', 'urlencode_rfc3986'), $input);
return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
} else if (is_scalar($input)) {
return str_replace(
'+',
Expand All @@ -771,18 +743,24 @@ public static function urldecode_rfc3986($string) {
// Utility function for turning the Authorization: header into
// parameters, has to do some unescaping
// Can filter out any non-oauth parameters if needed (default behaviour)
// May 28th, 2010 - method updated to tjerk.meesters for a speed improvement.
// see http://code.google.com/p/oauth/issues/detail?id=163
public static function split_header($header, $only_allow_oauth_parameters = true) {
$pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
$offset = 0;
$params = array();
if (preg_match_all('/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', $header, $matches)) {
foreach ($matches[1] as $i => $h) {
$params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]);
}
if (isset($params['realm'])) {
unset($params['realm']);
while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) {
$match = $matches[0];
$header_name = $matches[2][0];
$header_content = (isset($matches[5])) ? $matches[5][0] : $matches[4][0];
if (preg_match('/^oauth_/', $header_name) || !$only_allow_oauth_parameters) {
$params[$header_name] = OAuthUtil::urldecode_rfc3986($header_content);
}
$offset = $match[1] + strlen($match[0]);
}

if (isset($params['realm'])) {
unset($params['realm']);
}

return $params;
}

Expand All @@ -798,7 +776,7 @@ public static function get_headers() {
// returns the headers in the same case as they are in the
// request
$out = array();
foreach ($headers AS $key => $value) {
foreach( $headers AS $key => $value ) {
$key = str_replace(
" ",
"-",
Expand Down Expand Up @@ -881,8 +859,7 @@ public static function build_http_query($params) {
if (is_array($value)) {
// If two or more parameters share the same name, they are sorted by their value
// Ref: Spec: 9.1.1 (1)
// June 12th, 2010 - changed to sort because of issue 164 by hidetaka
sort($value, SORT_STRING);
natsort($value);
foreach ($value as $duplicate_value) {
$pairs[] = $parameter . '=' . $duplicate_value;
}
Expand All @@ -894,4 +871,4 @@ public static function build_http_query($params) {
// Each name-value pair is separated by an '&' character (ASCII code 38)
return implode('&', $pairs);
}
}
}
Loading

0 comments on commit 2a1d28e

Please sign in to comment.