
CodeIgniter Twitter API (Elliot Haughin's) capturing any URL get parameters with "oauth_token" in it

开发者 https://www.devze.com 2023-04-04 03:47 Source: web
Seems a little strange.

I am using CodeIgniter with Elliot Haughin's Twitter library. It's an excellent API by the way.

However, I autoload this library in "autoload.php" in the config folder and I noticed ANY URL that has "oauth_token" URL parameter is captured by this library.

For example, when I type

http://localhost/myapp/index.php/controller?oauth_token=1

Then it throws up an error

A PHP Error was encountered
Severity: Notice
Message: Trying to get property of non-object
Filename: libraries/Tweet.php
Line Number: 205

I went through the library and found that the following constructor calls a method that checks the GET parameters.

class tweetOauth extends tweetConnection {

  function __construct()
  {
    parent::__construct();
    ..
    ..
    ..
    $this->_checkLogin();
  }

and the method "_checkLogin()" does the following

private function _checkLogin()
{
  if ( isset($_GET['oauth_token']) )
  {
    $this->_setAccessKey($_GET['oauth_token']);
    $token = $this->_getAccessToken();
    $token = $token->_result;
    ...
    ...

What would be the best way to fix this?


Why do you have oauth_token in the querystring if you're not checking for a valid oauth_token? I'm assuming at some point you want to state that an oauth_token has been set and you're just using oauth_token=1 as the parameter?

The library is set to always test against oauth_token, and it's not really a feasible tweak to do it any other way if you're autoloading it. You'd need a whitelist/blacklist of controllers (and maybe methods) it runs on, which pretty much defeats the point of autoloading.

If you REALLY need to use oauth_token=1, you could just change it to

if ( isset($_GET['oauth_token']) && $_GET['oauth_token'] !== '1' ) // $_GET values are strings, so compare against '1'

If you were using more than one value for oauth_token (or if your worry is that you can trigger an error by appending oauth_token=X to a URL) you could try and use a regex instead, assuming that all oauth_tokens follow a pattern (32 characters long etc).

Alternatively you could also probably just exit/return false depending on what is returned in $token = $this->_getAccessToken(). Depends what happens elsewhere in the code. Looks like returning false should just work.
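An added example, not part of the original answer or of the Tweet.php library: one way to combine the answer's two suggestions (pattern-check the token, bail out when the exchange fails) and additionally accept `oauth_token` only when it matches a request token kept in the session. The function names, the `request_token` session key and the token pattern are assumptions; the syntax needs PHP 7 or later.

```php
<?php
// Added example, not code from Tweet.php. Function and key names are hypothetical.

/**
 * Decide whether the current request is an OAuth callback we should process.
 * $query   : the request's query parameters (normally $_GET)
 * $session : session data; 'request_token' is assumed to hold the token
 *            issued when this visitor started the login flow
 */
function is_expected_oauth_callback(array $query, array $session): bool
{
    $token = $query['oauth_token'] ?? null;

    // Arrays (?oauth_token[]=x) and empty values are rejected outright.
    if (!is_string($token) || $token === '') {
        return false;
    }
    // Assumed token alphabet and length bound; adjust to what the provider issues.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $token)) {
        return false;
    }
    // Only a token this session actually requested counts as a callback.
    $expected = $session['request_token'] ?? null;
    return is_string($expected) && $expected !== '' && hash_equals($expected, $token);
}

/**
 * Read the result of the token exchange without assuming it succeeded.
 * $response stands in for what _getAccessToken() returns; the notice quoted
 * in the question suggests it can be a non-object.
 */
function extract_token_result($response)
{
    if (!is_object($response) || !isset($response->_result)) {
        return null; // exchange failed: caller treats the visitor as logged out
    }
    return $response->_result;
}

// Constructed sample input.
$session = ['request_token' => 'AbC123_constructed-token'];
var_dump(is_expected_oauth_callback(['oauth_token' => '1'], $session));                        // stray parameter
var_dump(is_expected_oauth_callback(['oauth_token' => ['x']], $session));                      // array value
var_dump(is_expected_oauth_callback(['oauth_token' => 'AbC123_constructed-token'], $session)); // real callback
var_dump(extract_token_result(null));                                                          // failed exchange
```

A guard like the first function would sit in front of the token exchange, so a stray `oauth_token` on any request that autoloads the library is ignored rather than triggering `_getAccessToken()`.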
