开发者

CodeIgniter Twitter API (Elliot Haughin's) capturing any URL get parameters with "oauth_token" in it

问答 作者:

Seems a little strange.

I am using CodeIgniter with Elliot Haughin's Twitter library. It's an excellent API by the way.

However, I autoload this library in "autoload.php" in the config folder and I noticed ANY URL that has "oauth_token" URL parameter is captured by this library.

For example, when I type 

http://localhost/myapp/index.php/controller?oauth_token=1

Then it throws up an error

A PHP Error was encountered
Severity: Notice
Message: Trying to get property of non-object
Filename: libraries/Tweet.php
Line Number: 205

I went through the library and found that the following constructor calling a me开发者_开发技巧thod that checks the GET parameters.

class tweetOauth extends tweetConnection {

  function __construct()
  {
    parent::__construct();
    ..
    ..
    ..
    $this->_checkLogin();
  }

and the method "_checkLogin()" does the following

private function _checkLogin()
{
  if ( isset($_GET['oauth_token']) )
  {
    $this->_setAccessKey($_GET['oauth_token']);
    $token = $this->_getAccessToken();
    $token = $token->_result;
    ...
    ...

What would be the best way to fix this?

Why do you have oauth_token in the querystring if you're not checking for a valid oauth_token? I'm assuming at some point you want to state that a oauth_token has been set and you're just using oauth_token=1 as the parameter?

The library is set to always test against oauth_token, and it's not really a feasible tweak to do it any other way if you're autoloading it. You'd need a whitelist/blacklist of controllers (and maybe methods) it runs on, which pretty much defeats the point of autoloading.

If REALLY need to use oauth_token=1, you could just change it to

if ( isset($_GET['oauth_token']) && $_GET['oauth_token']!==1)

If you were using more than one value for oauth_token (or if your worry is that you can trigger an error by appending oauth_token=X to a URL) you could try and use a regex instead, assuming that all oauth_tokens follow a pattern (32 characters long etc).

Alternatively you could also probably just exit/return false depending on what is returned in $token = $this->_getAccessToken(). Depends what happens elsewhere in the code. Looks like returning false should just work.

继续阅读:codeigniterphptwitter

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9