From 43475e2eae3147393cc221c492081166f75c1a53 Mon Sep 17 00:00:00 2001
From: Samat Jain <samat@samat.org>
Date: Tue, 20 Dec 2011 14:48:03 -0700
Subject: [PATCH] Make consistent use of POST/GET

Correctly send BrowserID-related data via HTTP POST, and make sure the
module looks for POST'ed data.

Recently, BrowserID's payload became too large for a GET request. Even
though the module's JavaScript submitted a POST, it was sent as GET
data. The module also expected GET data. With the larger payload at some
point all of this stopped working.
---
 browserid.js     |    5 ++++-
 browserid.module |   10 +++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/browserid.js b/browserid.js
index c7e2c62..15302cd 100644
--- a/browserid.js
+++ b/browserid.js
@@ -4,7 +4,10 @@ Drupal.behaviors.browserid = {
   performLogin: function(context) {
     navigator.id.getVerifiedEmail(function(assertion) {
       if (assertion) {
-        $.post(Drupal.settings.basePath +'index.php?q=browserid/verify&assertion=' + assertion + '&audience=' + window.location.host, function (data) {
+        $.post(Drupal.settings.basePath + 'index.php?q=browserid/verify',
+          { 'assertion': assertion,
+            'audience': window.location.host
+          }, function (data) {
           if (data.reload) {
             window.location.reload();
           }
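Review bot: The `audience` field at `'audience': window.location.host` is still chosen by the browser, and both `drupal_http_request` calls in browserid.module (in `browserid_form_user_register_form_alter` and `browserid_verify`) forward it to the verifier unchanged. The audience check is what binds an assertion to this site, so it only has value when the server supplies the expected value itself. I would drop the field from this POST and have the module derive the audience from the site's configured host (for example from `$base_url`), or at minimum add the comment `// audience is advisory only; the server must compare against its own host`. `performLogin` continues outside the hunk.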
diff --git a/browserid.module b/browserid.module
index 897575d..4b4ac85 100644
--- a/browserid.module
+++ b/browserid.module
@@ -141,9 +141,9 @@ function browserid_form_user_login_block_alter(&$form, $form_state) {
  * Implements hook_form_FORM_ID_alter().
  */
 function browserid_form_user_register_form_alter(&$form, $form_state) {
-  if (isset($_GET['assertion']) && isset($_GET['audience'])) {
+  if (isset($_REQUEST['assertion']) && isset($_REQUEST['audience'])) {
     $response = drupal_http_request(
-      'https://browserid.org/verify?assertion=' . urlencode($_GET['assertion']) . '&audience=' . urlencode($_GET['audience']),
+      'https://browserid.org/verify?assertion=' . urlencode($_REQUEST['assertion']) . '&audience=' . urlencode($_REQUEST['audience']),
       array('method' => 'POST')
     );
     if ($response->code == 200) {
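Review bot: `$_REQUEST` in `isset($_REQUEST['assertion']) && isset($_REQUEST['audience'])` accepts the values from the query string, the POST body and, depending on PHP's `request_order`/`variables_order` settings, cookies, so the module does not actually require POST as the subject line says. The same applies to the `$_REQUEST` lines in the two `browserid_verify` hunks. Reading each value from the one source it is expected in keeps the input surface explicit: `$_POST` in `browserid_verify`, which the JavaScript now posts to, and `$_GET` here, since this form appears to be reached through the `destination` URL built in `browserid_verify`. Both function bodies continue outside the hunks.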
@@ -200,11 +200,11 @@ function browserid_admin($form, $form_state) {
  * Verifies assertions.
  */
 function browserid_verify() {
-  if ($GLOBALS['user']->uid || !isset($_GET['assertion']) || !isset($_GET['audience'])) {
+  if ($GLOBALS['user']->uid || !isset($_REQUEST['assertion']) || !isset($_REQUEST['audience'])) {
     return MENU_ACCESS_DENIED;
   }
   $response = drupal_http_request(
-    'https://browserid.org/verify?assertion=' . urlencode($_GET['assertion']) . '&audience=' . urlencode($_GET['audience']),
+    'https://browserid.org/verify?assertion=' . urlencode($_REQUEST['assertion']) . '&audience=' . urlencode($_REQUEST['audience']),
     array('method' => 'POST')
   );
   if ($response->code == 200) {
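Review bot: The outbound call to the verifier still appends the assertion and audience to the URL even though it sets `'method' => 'POST'`, so the size problem the commit message describes can recur on this leg, and the assertion ends up in a request URL that proxies and logs may record. The same pattern is in the `drupal_http_request` call in `browserid_form_user_register_form_alter`. Assuming the verifier accepts a form-encoded body, the values belong in the `data` option with a matching `Content-Type` header, as sketched below. `browserid_verify` continues outside the hunk.

```php
$response = drupal_http_request(
  'https://browserid.org/verify',
  array(
    'method' => 'POST',
    'headers' => array('Content-Type' => 'application/x-www-form-urlencoded'),
    'data' => drupal_http_build_query(array(
      'assertion' => $_REQUEST['assertion'],
      'audience' => $_REQUEST['audience'],
    )),
  )
);
// … unchanged: response handling …
```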
@@ -217,7 +217,7 @@ function browserid_verify() {
     }
     else {
       drupal_json_output((object) array(
-        'destination' => url('user/register', array('query' => array('assertion' => $_GET['assertion'], 'audience' => $_GET['audience']))),
+        'destination' => url('user/register', array('query' => array('assertion' => $_REQUEST['assertion'], 'audience' => $_REQUEST['audience']))),
       ));
     }
   }
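Review bot: The `destination` URL built here still carries the whole assertion and audience in its query string, so the registration step receives them by GET, which is the transport the commit message says stopped working once the payload grew. It also leaves the assertion in places where URLs are recorded, such as browser history, web-server access logs and Referer headers. Consider keeping the result of the successful verification in the user's session and letting `browserid_form_user_register_form_alter` read it from there, so that `destination` is just `url('user/register')`. The surrounding `if`/`else` starts outside the hunk.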
-- 
1.7.5.4

