harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disable the oauth2testvehicle completely until it is safe

Browse Source
This commit is contained in:
zotlabs 2018-04-03 21:58:11 -07:00
parent 29b377d4c5
commit 8871f8d0f4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Zotlabs/Module/Oauth2testvehicle.php
View File

@ -12,6 +12,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
function init() { function init() {
killme();
// If there is a 'code' and 'state' parameter then this is a client app // If there is a 'code' and 'state' parameter then this is a client app
// callback issued after the authorization code request // callback issued after the authorization code request
// TODO: Check state value and compare to original sent value // TODO: Check state value and compare to original sent value
@ -20,7 +22,7 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
// cookie, and compare it when the user comes back. This ensures your // cookie, and compare it when the user comes back. This ensures your
// redirection endpoint isn't able to be tricked into attempting to // redirection endpoint isn't able to be tricked into attempting to
// exchange arbitrary authorization codes." // exchange arbitrary authorization codes."
$_SESSION['redirect_uri'] = 'http://hub.localhost/oauth2testvehicle'; $_SESSION['redirect_uri'] = z_root() . '/oauth2testvehicle';
$_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']); $_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
$_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] ); $_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
$_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] ); $_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );