Skip to content

Commit

Permalink
Robust query string encoding for multidimensional arrays
Browse files Browse the repository at this point in the history
This previously relied on a hand-rolled function that tried to do
its own urlencoding.

This commit moves query string encoding to the standard function
http_build_query.
  • Loading branch information
duncanjbrown committed Mar 10, 2016
1 parent bd6d869 commit a28d265
Showing 1 changed file with 15 additions and 25 deletions.
40 changes: 15 additions & 25 deletions lib/class-wp-rest-oauth1.php
Original file line number Diff line number Diff line change
Expand Up @@ -711,31 +711,21 @@ protected function check_oauth_signature( $consumer, $oauth_params, $token = nul
* @return string Signature string
*/
public function create_signature_string( $params ) {
return implode( '%26', $this->join_with_equals_sign( $params ) ); // join with ampersand
}

/**
* Creates an array of urlencoded strings out of each array key/value pairs
*
* @since 0.1.0
* @param array $params Array of parameters to convert.
* @param array $query_params Array to extend.
* @param string $key Optional Array key to append
* @return string Array of urlencoded strings
*/
public function join_with_equals_sign( $params, $query_params = array(), $key = '' ) {
foreach ( $params as $param_key => $param_value ) {
if ( is_array( $param_value ) ) {
$query_params = $this->join_with_equals_sign( $param_value, $query_params, $param_key );
} else {
if ( $key ) {
$param_key = $key . '[' . $param_key . ']'; // Handle multi-dimensional array
}
$string = $param_key . '=' . $param_value; // join with equals sign
$query_params[] = urlencode( $string );
}
}
return $query_params;
$query = http_build_query( $params );
// http_build_query will attach numeric indices for array values, eg
// filter[post__not_in][0]=1 instead of filter[post__not_in][]=1.
//
// Clients issue requests in the form filter[post__not_in][]=1 so
// we should compare against that. This regex will strip out
// the numeric indices.
//
// cf. http://php.net/manual/en/function.http-build-query.php
// cf. http://stackoverflow.com/a/11996686/751089
$replaced = preg_replace( '/%5B[0-9]+%5D/simU', '%5B%5D', $query );

// http_build_query has urlencoded the parameters, but our calling function
// expects a double-encoded return value here.
return urlencode( $replaced );
}

/**
Expand Down

0 comments on commit a28d265

Please sign in to comment.