Wrong use of absolute url in destination, function _oauth_common_authorize() [#773264]

As mentioned on drupal_goto(): // Do not redirect to an absolute URL originating from user input.

This means when you pass on an absolute url, it's not used. _oauth_common_authorize() has to be changed:

    $query = $_GET;
    unset($query['q']); // why are there so few q's?
    drupal_goto('user/login', array(
      'destination' => url('oauth/authorize', array(
        'query' => $query,
        'absolute' => TRUE,
      )),
    ));

Find patch attached for the fix.

Comment	File	Size	Author
	oauth_common.pages_.inc-absolute.patch	603 bytes	toemaz

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

Hugo Wetterberg CreditAttribution: Hugo Wetterberg commented 21 May 2010 at 06:38

Project:	OAuth Common (deprecated)	» OAuth 1.0
Version:	6.x-1.0-beta5	» 6.x-3.0-beta1

Comment #2

voxpelli CreditAttribution: voxpelli commented 11 July 2010 at 21:20

Status:

Active

» Needs review

Comment #3

voxpelli CreditAttribution: voxpelli commented 18 July 2010 at 17:39

Version:	6.x-3.0-beta1	» 6.x-3.0-beta2
Status:	Needs review	» Fixed

Fixed - thanks for the patch and sorry for the delay!

Comment #4

1 August 2010 at 17:40

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Wrong use of absolute url in destination, function _oauth_common_authorize()

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community