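/**
 * Parse an "a=b&c=d" style string into a map of decoded names to values.
 *
 * Names and values are passed through OAuthUtil::urldecode_rfc3986().
 * A name that occurs once maps to a string; a name that occurs several
 * times maps to a list of every value in order of appearance, so callers
 * must be prepared for either a scalar or an array per key.
 *
 * @param string $input Raw query string or form body; empty/unset yields array().
 * @return array Decoded parameters keyed by decoded name.
 */
public static function parse_parameters($input)
{
    if (!isset($input) || !$input) {
        return array();
    }

    // explode() replaces split(): the delimiters are literal characters, and
    // split() (a POSIX-regex function) was removed in PHP 7.
    $pairs = explode('&', $input);

    $parsed_parameters = array();
    foreach ($pairs as $pair) {
        // Limit of 2 keeps any further '=' characters inside the value.
        $split = explode('=', $pair, 2);
        $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
        $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';

        if (isset($parsed_parameters[$parameter])) {
            // We have already received parameter(s) with this name, so add to
            // the list of values for this name.
            if (is_scalar($parsed_parameters[$parameter])) {
                // First duplicate: turn the scalar (string) into an array so
                // the duplicates can be appended.
                $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
            }
            $parsed_parameters[$parameter][] = $value;
        } else {
            $parsed_parameters[$parameter] = $value;
        }
    }
    return $parsed_parameters;
}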
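/**
 * Extract name/value pairs from an Authorization-style header string.
 *
 * Values may be double-quoted or bare (running up to the next comma) and are
 * passed through OAuthUtil::urldecode_rfc3986(). A later pair with the same
 * name overwrites an earlier one. A 'realm' entry is never returned.
 *
 * @param string $header                      Header value to scan.
 * @param bool   $only_allow_oauth_parameters When true, only names starting
 *                                            with 'oauth_' are matched.
 * @return array Map of parameter name to decoded value.
 */
public static function split_header($header, $only_allow_oauth_parameters = true)
{
    $params = array();
    $name_prefix = $only_allow_oauth_parameters ? 'oauth_' : '';

    // Group 1: parameter name. Group 2: quoted value without its quotes.
    // Group 3: bare value up to the next comma. The value alternation is a
    // non-capturing group; it was previously written "(:?", which made it a
    // capturing group that also accepted a stray ':' before the quote.
    // NOTE(review): the name is not anchored to a parameter boundary, so the
    // match can start in the middle of a longer name (e.g. the tail of
    // "x_oauth_token"); confirm callers only pass well-formed headers.
    $pattern = '/(' . $name_prefix . '[a-z_-]*)=(?:"([^"]*)"|([^,]*))/';

    if (preg_match_all($pattern, $header, $matches)) {
        foreach ($matches[1] as $i => $name) {
            // Compare against '' rather than using empty(): empty() treats the
            // quoted value "0" as missing and would return '' for it.
            $raw = $matches[2][$i] !== '' ? $matches[2][$i] : $matches[3][$i];
            $params[$name] = OAuthUtil::urldecode_rfc3986($raw);
        }
        // realm is part of the header syntax, not a request parameter.
        unset($params['realm']);
    }
    return $params;
}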
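/**
 * Checks OAuthUtil::urldecode_rfc3986() against the "Parameter Encoding"
 * vectors from http://wiki.oauth.net/TestCases, read in the decode direction.
 */
public function testUrldecode()
{
    // Unreserved characters pass through unchanged.
    $this->assertEquals('abcABC123', OAuthUtil::urldecode_rfc3986('abcABC123'));
    $this->assertEquals('-._~', OAuthUtil::urldecode_rfc3986('-._~'));

    // Percent-encoded octets are turned back into the raw byte.
    $this->assertEquals('%', OAuthUtil::urldecode_rfc3986('%25'));
    $this->assertEquals('+', OAuthUtil::urldecode_rfc3986('%2B'));
    $this->assertEquals("\n", OAuthUtil::urldecode_rfc3986('%0A'));
    $this->assertEquals(' ', OAuthUtil::urldecode_rfc3986('%20'));

    // %7F is the DEL control byte. It is written as an escape sequence so the
    // expectation stays visible; a literal DEL inside the quotes is invisible
    // and easily lost, which leaves an assertion against the empty string.
    $this->assertEquals("\x7F", OAuthUtil::urldecode_rfc3986('%7F'));

    //$this->assertEquals("\x00\x80", OAuthUtil::urldecode_rfc3986('%C2%80'));
    //$this->assertEquals("\x30\x01", OAuthUtil::urldecode_rfc3986('%E3%80%81'));
    // The last two checks are disabled; the original author (morten.fangel)
    // attributes this to missing UTF-8 support or unfamiliarity with it.
    // NOTE(review): the expected literals above are not the UTF-8 byte
    // sequences of the encoded input ("\xC2\x80" and "\xE3\x80\x81"), which
    // may be why the checks failed - confirm before re-enabling.
}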
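/**
 * Legacy Basic LTI launch handler: validates the launch, creates or updates
 * the WordPress user, logs that user in, creates the course blog when it does
 * not exist yet, assigns the user a role on it and redirects to the site URL.
 *
 * Every path that completes ends in exit or wp_die(); the function only
 * returns when the request is not a Basic LTI launch and no return URL
 * redirect applies.
 *
 * @param mixed $wp Not used by this function.
 * @return void
 */
function lti_parse_request_OLD($wp)
{
    if (!is_basic_lti_request()) {
        $good_message_type = $_REQUEST[LTI_MESSAGE_TYPE] == LTI_MESSAGE_TYPE_VALUE;
        $good_lti_version = $_REQUEST[LTI_VERSION] == LTI_VERSION_VALUE;
        $resource_link_id = $_REQUEST[RESOURCE_LINK_ID];
        if ($good_message_type && $good_lti_version && !isset($resource_link_id)) {
            $launch_presentation_return_url = $_REQUEST[LAUNCH_PRESENTATION_URL];
            if (isset($launch_presentation_return_url)) {
                // NOTE(review): this redirect target comes straight from the
                // request, and no signature or secret has been checked on this
                // path. Any host can be named here; consider validating it
                // against the return hosts of known consumers before redirecting.
                header('Location: ' . $launch_presentation_return_url);
                exit;
            }
        }
        return;
    }

    // See if we get a context, do not set session, do not redirect
    $secret = lti_get_secret_from_consumer_key();
    $context = new bltiUocWrapper(false, false, null, $secret);
    if (!$context->valid) {
        // Debug output left in by the author; it prints the decoder's result
        // for two fixed inputs ahead of the failure page.
        echo "<hr>OAuthUtil::urldecode_rfc3986('%2B') " . OAuthUtil::urldecode_rfc3986('%2B') . "<br>";
        echo "<hr>OAuthUtil::urldecode_rfc3986('%5C') " . OAuthUtil::urldecode_rfc3986('%5C') . "<br>";
        // NOTE(review): $context->message is appended unescaped; confirm it can
        // never carry request-derived text.
        wp_die("BASIC LTI Authentication Failed, not valid request (make sure that consumer is authorized and secret is correct) " . $context->message);
        return;
    }

    $error = is_lti_error_data($context);
    if ($error !== FALSE) {
        $launch_presentation_return_url = isset($_REQUEST[LAUNCH_PRESENTATION_URL]) ? $_REQUEST[LAUNCH_PRESENTATION_URL] : null;
        // The return URL is request data, so it is escaped for the attribute
        // and for the link text before being placed in the error page; array
        // values are ignored.
        if (is_string($launch_presentation_return_url)) {
            $error = '<p>' . $error . '</p><p>Return to site <a href="' . esc_url($launch_presentation_return_url) . '">' . esc_html($launch_presentation_return_url) . '</a></p>';
        }
        wp_die($error, '');
    }

    $blogType = new blogTypeLoader($context);
    if ($blogType->error < 0) {
        wp_die("BASIC LTI loading Types Aula Failed " . $blogType->error_miss);
        return;
    }

    // Set up the user...
    $userkey = getUserkeyLTI($context);
    $userkey = apply_filters('pre_user_login', $userkey);
    $userkey = trim($userkey);
    if (empty($userkey)) {
        wp_die('<p>Empty username</p><p>Cannot create a user without username</p>');
    }

    $uinfo = get_user_by('login', $userkey);
    if (isset($uinfo) && $uinfo != false) {
        // og LTI: set the user_login and user_nicename to the same value,
        // because we want the wordpress-login cookie to have the username
        // otherwise caching won't work properly!
        // The existing account is overwritten with the launch data and reset
        // to the site's default role.
        $ret_id = wp_insert_user(array(
            'ID' => $uinfo->ID,
            'user_login' => $userkey,
            'user_nicename' => $userkey,
            'first_name' => $context->getUserFirstName(),
            'last_name' => $context->getUserLastName(),
            'user_email' => $context->getUserEmail(),
            'user_url' => 'http://b',
            'display_name' => $context->getUserName(),
            'role' => get_option('default_role'),
        ));
        if (is_object($ret_id) && isset($ret_id->errors)) {
            $msg = '';
            foreach ($ret_id->errors as $key => $error) {
                $msg .= "<p><b>{$key}</b> ";
                foreach ($error as $erroMsg) {
                    $msg .= "<p> {$erroMsg}</p>";
                }
                $msg .= "</p>";
            }
            wp_die($msg);
        }
    } else {
        // New user: create the account from the launch data.
        $ret_id = wp_insert_user(array(
            'user_login' => $userkey,
            'user_nicename' => $context->getUserName(),
            'first_name' => $context->getUserFirstName(),
            'last_name' => $context->getUserLastName(),
            'user_email' => $context->getUserEmail(),
            'user_url' => 'http://c',
            'display_name' => $context->getUserName(),
        ));
        if (is_object($ret_id) && isset($ret_id->errors)) {
            $msg = '';
            foreach ($ret_id->errors as $key => $error) {
                $msg .= "<p><b>{$key}</b> ";
                foreach ($error as $erroMsg) {
                    $msg .= "<p> {$erroMsg}</p>";
                }
                $msg .= "</p>";
            }
            wp_die($msg);
        }
        $uinfo = get_user_by('login', $userkey);
    }

    // Remove the user from the main blog (unless admin)
    // http://jira.uoc.edu/jira/browse/BLOGA-218
    // NOTE(review): $is_admin is never assigned in this function, so this
    // branch always runs and every launched user loses all capabilities on
    // the main blog. $user is only defined inside this branch, yet it is used
    // unconditionally below.
    if (!$is_admin) {
        $user = new WP_User($uinfo->ID);
        $user->remove_all_caps();
    }

    $_SERVER['REMOTE_USER'] = $userkey;
    $password = md5($uinfo->user_pass);
    // NOTE(review): the return value of wp_authenticate() is discarded, so
    // this call does not gate the login; the session is established by the
    // two calls after it. The only proof of identity on this path is the
    // $context->valid check above.
    wp_authenticate($userkey, $password);
    wp_set_auth_cookie($user->ID, false);
    wp_set_current_user($user->ID, $userkey);

    // Strip the scheme from the site URL. A fixed substr(..., 7) only removes
    // "http://" and leaves a stray "/" (and an empty domain) for "https://".
    $siteUrl = preg_replace('#^https?://#i', '', get_option("siteurl"));
    $siteUrlArray = explode("/", $siteUrl);
    $domain = $siteUrlArray[0];
    unset($siteUrlArray[0]);

    $course = $blogType->getCoursePath($context, $siteUrlArray, $domain);
    if (isset($context->info[RESOURCE_LINK_ID]) && $context->info[RESOURCE_LINK_ID]) {
        $course .= '-' . $context->info[RESOURCE_LINK_ID];
    }
    $course = sanitize_user($course, true);
    // WordPress does not serve the style sheet when the path contains a dot.
    $course = str_replace('.', '_', $course);

    $path_base = "/" . implode("/", $siteUrlArray) . "/" . $course;
    $path_base = str_replace('//', '/', $path_base);
    $path = $path_base . "/";
    $path = str_replace('//', '/', $path);

    $blog_created = false;
    $overwrite_plugins_theme = isset($context->info[OVERWRITE_PLUGINS_THEME]) ? $context->info[OVERWRITE_PLUGINS_THEME] == 1 : false;
    $overwrite_roles = isset($context->info[OVERWRITE_ROLES]) ? $context->info[OVERWRITE_ROLES] == 1 : false;

    $blog_id = domain_exists($domain, $path);
    $blog_is_new = false;
    if (!isset($blog_id)) {
        $title = __("Blog ") . $blogType->getCourseName($context);
        $blog_is_new = true;
        $meta = $blogType->getMetaBlog($context);
        // The site language is switched for blog creation and restored after.
        $old_site_language = get_site_option('WPLANG');
        $blogType->setLanguage($context);
        // NOTE(review): $user_id is never assigned in this function, so the
        // blog is created without an owning user id - confirm whether
        // $uinfo->ID was intended.
        $blog_id = wpmu_create_blog($domain, $path, $title, $user_id, $meta);
        update_site_option('WPLANG', $old_site_language);
        $blogType->checkErrorCreatingBlog($blog_id, $path);
        $blog_created = true;
    }

    // Connect the user to the blog
    if (isset($blog_id)) {
        switch_to_blog($blog_id);
        // Output produced while configuring the blog is buffered and discarded.
        ob_start();
        if ($overwrite_plugins_theme || $blog_created) {
            $blogType->loadPlugins();
            $blogType->changeTheme();
        }

        // Fetch the role the user previously had on this blog.
        $old_role = null;
        if (!$blog_created && !$overwrite_roles) {
            $old_role_array = get_usermeta($user->id, 'wp_' . $blog_id . '_capabilities');
            // Guard with is_array(): count() on a non-array meta value raises
            // a warning or, on PHP 8, a TypeError.
            if (is_array($old_role_array) && count($old_role_array) > 0) {
                foreach ($old_role_array as $key => $value) {
                    if ($value == true) {
                        // The last enabled capability key wins.
                        $old_role = $key;
                    }
                }
            }
        }

        remove_user_from_blog($uinfo->ID, $blog_id);

        $obj = new stdClass();
        $obj->blog_id = $blog_id;
        $obj->userkey = $userkey;
        $obj->path_base = $path_base;
        $obj->domain = $domain;
        $obj->context = $context;
        $obj->uinfoID = $uinfo->ID;
        $obj->blog_is_new = $blog_is_new;
        // The role comes from the launch data unless an earlier role exists
        // and overwriting was not requested.
        if ($overwrite_roles || $old_role == null) {
            $obj->role = $blogType->roleMapping($context->info[FIELD_ROLE_UOC_CAMPUS], $context->info);
        } else {
            $obj->role = $old_role;
        }
        $blogType->postActions($obj);
        add_user_to_blog($blog_id, $uinfo->ID, $obj->role);
        // The author left restore_current_blog() disabled here, noting that
        // calling it sends the user back to the start.
        // restore_current_blog();
        ob_end_clean();
    }

    // Redirect to the current site URL, upgraded to https.
    $redirecturl = get_option("siteurl");
    $redirecturl = str_replace("http://", "https://", $redirecturl);
    wp_redirect($redirecturl);
    exit;
}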
/**
 * Turn the value of an Authorization: header into a parameter map.
 *
 * The header is scanned left to right for name=value pairs, where a value is
 * either double-quoted or runs up to the next comma. Values are passed
 * through OAuthUtil::urldecode_rfc3986(); a later pair with the same name
 * replaces an earlier one. The 'realm' entry is dropped from the result.
 *
 * NOTE(review): names are not restricted to the oauth_ prefix here and the
 * name pattern may match an empty name; confirm callers filter the result.
 *
 * @param string $header Raw header value.
 * @return array Map of parameter name to decoded value.
 */
private static function split_header($header)
{
    $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
    $result = array();
    $cursor = 0;

    while (true) {
        $found = preg_match($pattern, $header, $groups, PREG_OFFSET_CAPTURE, $cursor);
        if (!($found > 0)) {
            break;
        }

        // With PREG_OFFSET_CAPTURE each group is a [text, offset] pair.
        list($whole_text, $whole_start) = $groups[0];
        $name = $groups[2][0];

        // Group 5 (bare value) is only present when the quoted alternative
        // did not match; otherwise the quoted content sits in group 4.
        if (isset($groups[5])) {
            $raw_value = $groups[5][0];
        } else {
            $raw_value = $groups[4][0];
        }
        $result[$name] = OAuthUtil::urldecode_rfc3986($raw_value);

        // Resume scanning right after the pair that was just consumed.
        $cursor = $whole_start + strlen($whole_text);
    }

    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($result['realm']);

    return $result;
}
/**
 * Parse an "a=b&c=d" style string, keeping only oauth_* parameters.
 *
 * Pairs whose raw (still encoded) name does not start with "oauth_"
 * (case-insensitive) are skipped, which lets the calling script use other
 * GET parameters of its own. Remaining names and values are passed through
 * OAuthUtil::urldecode_rfc3986(). A name seen once maps to a string; a
 * repeated name maps to a list of all its values.
 *
 * NOTE(review): the prefix test runs before decoding, so a percent-encoded
 * spelling of the prefix is skipped as well. If the returned map feeds the
 * signature base string, the skipped parameters are not covered by the
 * signature - confirm against the caller.
 *
 * @param string $input Raw query string or form body.
 * @return array Decoded oauth_* parameters keyed by name.
 */
public static function parse_parameters($input)
{
    if (!isset($input) || !$input) {
        return array();
    }

    $collected = array();
    foreach (explode('&', $input) as $chunk) {
        $parts = explode('=', $chunk, 2);

        // Addition - KH: only accept parameters prefixed with 'oauth'.
        if (!preg_match("/^oauth_/i", $parts[0])) {
            continue;
        }

        $name = OAuthUtil::urldecode_rfc3986($parts[0]);
        $decoded = isset($parts[1]) ? OAuthUtil::urldecode_rfc3986($parts[1]) : '';

        if (!isset($collected[$name])) {
            // First occurrence: store the plain value.
            $collected[$name] = $decoded;
            continue;
        }

        // Repeated name: promote the stored scalar to a list on the first
        // duplicate, then append.
        if (is_scalar($collected[$name])) {
            $collected[$name] = array($collected[$name]);
        }
        $collected[$name][] = $decoded;
    }

    return $collected;
}
/**
 * Parse an "a=b&c=d" style string into a map of decoded names to values.
 *
 * Names and values are passed through OAuthUtil::urldecode_rfc3986(). A name
 * seen once maps to a string; a repeated name maps to a list of all its
 * values in order, so callers get either a scalar or an array per key.
 *
 * @param string $input Raw query string or form body; empty/unset yields array().
 * @return array Decoded parameters keyed by decoded name.
 */
public static function parse_parameters($input)
{
    if (!isset($input) || !$input) {
        return array();
    }

    $result = array();
    foreach (explode('&', $input) as $chunk) {
        // Limit of 2 keeps any further '=' characters inside the value.
        $parts = explode('=', $chunk, 2);
        $name = OAuthUtil::urldecode_rfc3986($parts[0]);
        $decoded = isset($parts[1]) ? OAuthUtil::urldecode_rfc3986($parts[1]) : '';

        if (!isset($result[$name])) {
            $result[$name] = $decoded;
            continue;
        }

        // Duplicate name: wrap the first value in a list once, then append.
        if (is_scalar($result[$name])) {
            $result[$name] = array($result[$name]);
        }
        $result[$name][] = $decoded;
    }

    return $result;
}
/**
 * Turn the value of an Authorization: header into a parameter map.
 *
 * The header is scanned left to right for name=value pairs, where a value is
 * either double-quoted or runs up to the next comma. Kept values are passed
 * through OAuthUtil::urldecode_rfc3986(); 'realm' is never returned.
 *
 * @param string $header                      Raw header value.
 * @param bool   $only_allow_oauth_parameters When true, only names starting
 *                                            with 'oauth_' are kept.
 * @return array Map of parameter name to decoded value.
 */
static function split_header($header, $only_allow_oauth_parameters = true)
{
    $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
    $collected = array();

    for ($cursor = 0; preg_match($pattern, $header, $groups, PREG_OFFSET_CAPTURE, $cursor) > 0;) {
        // With PREG_OFFSET_CAPTURE each group is a [text, offset] pair.
        $whole = $groups[0];
        $name = $groups[2][0];

        // Group 5 (bare value) is only present when the quoted alternative
        // did not match; otherwise the quoted content sits in group 4.
        $raw_value = isset($groups[5]) ? $groups[5][0] : $groups[4][0];

        $accept_any_name = !$only_allow_oauth_parameters;
        if ($accept_any_name || preg_match('/^oauth_/', $name)) {
            $collected[$name] = OAuthUtil::urldecode_rfc3986($raw_value);
        }

        // Resume scanning right after the pair that was just consumed.
        $cursor = $whole[1] + strlen($whole[0]);
    }

    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($collected['realm']);

    return $collected;
}
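/**
 * Parse a request body into an array of parameters.
 *
 * Three input shapes are recognised:
 *  - a string starting with "<?xml" is parsed as XML and cast to an array;
 *  - a string starting with "{" or "[" is decoded as JSON (associative);
 *  - anything else is treated as an "a=b&c=d" string whose names and values
 *    are passed through OAuthUtil::urldecode_rfc3986(). Names are trimmed. A
 *    repeated name maps to a list of all its values.
 *
 * A body that fails to parse as XML or JSON yields an empty array, so the
 * return value is always an array.
 *
 * NOTE(review): the XML and JSON branches return whatever structure the body
 * describes, not a flat name => string map; confirm callers that build a
 * signature base string from this result can cope with nested values.
 *
 * @param string $input Raw request body or query string.
 * @return array Parsed parameters.
 */
public static function parse_parameters($input)
{
    if (!isset($input) || !$input) {
        return array();
    }

    if (substr($input, 0, 5) == '<?xml') {
        // Collect libxml errors internally instead of silencing them with @,
        // and restore the caller's setting afterwards.
        $previous_setting = libxml_use_internal_errors(true);
        // LIBXML_NONET keeps the parser from fetching anything over the
        // network while handling a body supplied by the requester.
        $xml = simplexml_load_string($input, 'SimpleXMLElement', LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previous_setting);

        // A failed parse returns false; casting that would give array(false).
        return $xml === false ? array() : (array) $xml;
    }

    if (preg_match('/^[\\{\\[]/', $input)) {
        $decoded = json_decode($input, true);
        // Invalid JSON decodes to null; keep the documented array return.
        return is_array($decoded) ? $decoded : array();
    }

    $pairs = explode('&', $input);

    $parsed_parameters = array();
    foreach ($pairs as $pair) {
        $split = explode('=', $pair, 2);
        $parameter = trim(OAuthUtil::urldecode_rfc3986($split[0]));
        $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';

        if (isset($parsed_parameters[$parameter])) {
            // We have already received parameter(s) with this name, so add to
            // the list of values for this name.
            if (is_scalar($parsed_parameters[$parameter])) {
                // First duplicate: turn the scalar (string) into an array so
                // the duplicates can be appended.
                $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
            }
            $parsed_parameters[$parameter][] = $value;
        } else {
            $parsed_parameters[$parameter] = $value;
        }
    }
    return $parsed_parameters;
}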
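/**
 * Parse an "a=b&c=d" style string into a map of decoded names to values.
 *
 * Names and values are passed through OAuthUtil::urldecode_rfc3986(). Pairs
 * with an empty name are skipped. A name seen once maps to a string; a
 * repeated name maps to a list of all its values in order.
 *
 * @param string $input Raw query string or form body; empty/unset yields array().
 * @return array Decoded parameters keyed by decoded name.
 */
public static function parse_parameters($input)
{
    if (!isset($input) || !$input) {
        return array();
    }

    $pairs = explode('&', $input);

    $parsed_parameters = array();
    foreach ($pairs as $pair) {
        $split = explode('=', $pair, 2);
        $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
        $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : '';

        // An empty parameter name (as in "...php?&key=v...") is not sent with
        // our signed requests, so it is left out of the signature as well.
        // The test is for the empty string specifically: a loose !$parameter
        // would also drop a parameter literally named "0", which the sender
        // does include when signing.
        if ((string) $parameter === '') {
            continue;
        }

        if (isset($parsed_parameters[$parameter])) {
            // We have already received parameter(s) with this name, so add to
            // the list of values for this name.
            if (is_scalar($parsed_parameters[$parameter])) {
                // First duplicate: turn the scalar (string) into an array so
                // the duplicates can be appended.
                $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
            }
            $parsed_parameters[$parameter][] = $value;
        } else {
            $parsed_parameters[$parameter] = $value;
        }
    }
    return $parsed_parameters;
}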