Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In oauth_commons.pages.inc on line 134, you'll find
else {
$query = $_GET;
unset($query['q']); // why are there so few q's?
drupal_goto('user/login', array(
'destination' => url('oauth/authorize', array(
'query' => $query,
'absolute' => FALSE,
)),
));
}
A problem is introduce by the combination of using drupal_goto() and url() with in both cases $query as an array.
In url() this happens with $query as an array:
if (is_array($options['query'])) {
$options['query'] = drupal_query_string_encode($options['query']);
}
The drupal_query_string_encode() is called twice which causes a double encoding.
The fix:
else {
$query = $_GET;
unset($query['q']); // why are there so few q's?
drupal_goto('user/login', 'destination=' . url('oauth/authorize',
array(
'query' => $query,
'absolute' => FALSE,
)
));
}
Find patch attached. (applies by both 6.x-2.x and 6.x-1.x
Comment | File | Size | Author |
---|---|---|---|
oauth_commons.pages-double-encode.patch | 567 bytes | toemaz | |
Comments
Comment #1
toemaz CreditAttribution: toemaz commentedChanging to right status
Comment #2
toemaz CreditAttribution: toemaz commentedMoving from oauth_common to oauth as advised by voxpelli. Patch still applies.
Comment #3
toemaz CreditAttribution: toemaz commentedJust to make sure that the problem of the double encoding is understood, this is how double encoded destination url looks like:
http://yourdomain.com/user/login?destination=%2Foauth%2Fauthorize%3Foaut...
Comment #4
voxpelli CreditAttribution: voxpelli commentedThis seems to somehow be related to #922110: user/login destination parameter incorrectly including base directory on authorize page - right? Should the patches be merged or does one replace the other?
Comment #5
miqmago CreditAttribution: miqmago commentedI'm having same problem on drupal 7. Patch doesn't solve.
Getting the following error after the patch here: Recoverable fatal error: Argument 2 passed to drupal_goto() must be an array, string given, called in C:\Users\Miquel\Documents\00\03-www\public_html\sites\all\modules\oauth\oauth_common.pages.inc on line 236 and defined en drupal_goto() (línea 668 de C:\Users\Miquel\Documents\00\03-www\public_html\includes\common.inc).
#922110 Also not solving the problem.
Candidate solution:
Seems that changing from:
to:
solves the problem. If it is a good solution I can post the patch.
I'm not sure if 'oauth/authorize?' . drupal_http_build_query() could affect anywherelse.
Comment #6
chustedde CreditAttribution: chustedde commentedI was having the issue in #922110: user/login destination parameter incorrectly including base directory on authorize page (but in D7), and I was able to fix it using your solution, so I posted a patch there.