Seems a little strange.
似乎有点奇怪。
I am using CodeIgniter with Elliot Haughin's Twitter library. It's an excellent API by the way.
我正在使用CodeIgniter和Elliot Haughin的Twitter库。顺便说一下,它是一个出色的API。
However, I autoload this library in "autoload.php" in the config folder and I noticed ANY URL that has "oauth_token" URL parameter is captured by this library.
但是,我在config文件夹的“autoload.php”中自动加载了这个库,我注意到这个库捕获了任何带有“oauth_token”URL参数的URL。
For example, when I type
例如,当我输入
http://localhost/myapp/index.php/controller?oauth_token=1
Then it throws up an error
然后它会抛出一个错误
A PHP Error was encountered
Severity: Notice
Message: Trying to get property of non-object
Filename: libraries/Tweet.php
Line Number: 205
I went through the library and found that the following constructor calling a method that checks the GET parameters.
我浏览了库,发现以下构造函数调用了一个检查GET参数的方法。
class tweetOauth extends tweetConnection {
function __construct()
{
parent::__construct();
..
..
..
$this->_checkLogin();
}
and the method "_checkLogin()" does the following
并且方法“_checkLogin()”执行以下操作
private function _checkLogin()
{
if ( isset($_GET['oauth_token']) )
{
$this->_setAccessKey($_GET['oauth_token']);
$token = $this->_getAccessToken();
$token = $token->_result;
...
...
What would be the best way to fix this?
解决这个问题的最佳方法是什么?
1 个解决方案
#1
0
Why do you have oauth_token in the querystring if you're not checking for a valid oauth_token? I'm assuming at some point you want to state that a oauth_token has been set and you're just using oauth_token=1 as the parameter?
如果你没有检查有效的oauth_token,为什么在查询字符串中有oauth_token?我假设你想在某个时候声明已经设置了oauth_token并且你只是使用oauth_token = 1作为参数?
The library is set to always test against oauth_token, and it's not really a feasible tweak to do it any other way if you're autoloading it. You'd need a whitelist/blacklist of controllers (and maybe methods) it runs on, which pretty much defeats the point of autoloading.
该库设置为始终针对oauth_token进行测试,如果您正在自动加载它,那么以任何其他方式执行它并不是一个可行的调整。你需要一个运行的控制器(也许是方法)的白名单/黑名单,这几乎打败了自动加载点。
If REALLY need to use oauth_token=1, you could just change it to
如果真的需要使用oauth_token = 1,你可以将它改为
if ( isset($_GET['oauth_token']) && $_GET['oauth_token']!==1)
If you were using more than one value for oauth_token (or if your worry is that you can trigger an error by appending oauth_token=X to a URL) you could try and use a regex instead, assuming that all oauth_tokens follow a pattern (32 characters long etc).
如果您为oauth_token使用了多个值(或者如果您担心可以通过将oauth_token = X附加到URL来触发错误),则可以尝试使用正则表达式,假设所有oauth_tokens都遵循模式(32个字符)长等)。
Alternatively you could also probably just exit/return false depending on what is returned in $token = $this->_getAccessToken(). Depends what happens elsewhere in the code. Looks like returning false should just work.
或者你也可能只是退出/返回false,具体取决于$ token = $ this - > _ getAccessToken()中返回的内容。取决于代码中其他地方发生的事情。看起来像返回false应该只是工作。
#1
0
Why do you have oauth_token in the querystring if you're not checking for a valid oauth_token? I'm assuming at some point you want to state that a oauth_token has been set and you're just using oauth_token=1 as the parameter?
如果你没有检查有效的oauth_token,为什么在查询字符串中有oauth_token?我假设你想在某个时候声明已经设置了oauth_token并且你只是使用oauth_token = 1作为参数?
The library is set to always test against oauth_token, and it's not really a feasible tweak to do it any other way if you're autoloading it. You'd need a whitelist/blacklist of controllers (and maybe methods) it runs on, which pretty much defeats the point of autoloading.
该库设置为始终针对oauth_token进行测试,如果您正在自动加载它,那么以任何其他方式执行它并不是一个可行的调整。你需要一个运行的控制器(也许是方法)的白名单/黑名单,这几乎打败了自动加载点。
If REALLY need to use oauth_token=1, you could just change it to
如果真的需要使用oauth_token = 1,你可以将它改为
if ( isset($_GET['oauth_token']) && $_GET['oauth_token']!==1)
If you were using more than one value for oauth_token (or if your worry is that you can trigger an error by appending oauth_token=X to a URL) you could try and use a regex instead, assuming that all oauth_tokens follow a pattern (32 characters long etc).
如果您为oauth_token使用了多个值(或者如果您担心可以通过将oauth_token = X附加到URL来触发错误),则可以尝试使用正则表达式,假设所有oauth_tokens都遵循模式(32个字符)长等)。
Alternatively you could also probably just exit/return false depending on what is returned in $token = $this->_getAccessToken(). Depends what happens elsewhere in the code. Looks like returning false should just work.
或者你也可能只是退出/返回false,具体取决于$ token = $ this - > _ getAccessToken()中返回的内容。取决于代码中其他地方发生的事情。看起来像返回false应该只是工作。