Invalid Authentication token created due to parameter double escaping

Question

Invalid Authentication token created due to parameter double escaping

Opened this issue 15 years ago · 0 comments

In the routine "get_normalized_parameters()" combined with "build_signature_base_string()" line 614
escape(oauth_request.get_normalized_parameters()),

the parmeters are being double escaped. This makes the authentication token invalid as the actual URL does not have a double escaped search string.

For example search string "Charlie Brown" has an authentication token created with "Charlie%2520Brown" while the actual URL uses the search "Charlie%20Brown" and thus returns with an invalid authentication token error.

This can be fixed in "get_normalized_parameters()" line 230 if changed as below:

    key_values = [(escape(_utf8_str(k)), escape(_utf8_str(v))) \

to:
key_values = [(_utf8_str(k), _utf8_str(v)) \

I noticed this when adding video search to the vimeo functions found at:
http://github.com/dkm/python-vimeo

This issue may existing in other places but that is the only case that impacted my code.