
Use `empty()` for signed request value check

favrik committed Nov 28, 2012
1 parent c81dfde commit 1a84329fcc8b0fa0afaf3617cd9fb15a25eff95e
Showing with 18 additions and 2 deletions.
  1. +2 −2 src/base_facebook.php
  2. +16 −0 tests/tests.php
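--- a/src/base_facebook.php
+++ b/src/base_facebook.php
@@ -483,10 +483,10 @@ protected function getUserAccessToken() {
 */
 public function getSignedRequest() {
 if (!$this->signedRequest) {
- if (isset($_REQUEST['signed_request'])) {
+ if (!empty($_REQUEST['signed_request'])) {
 $this->signedRequest = $this->parseSignedRequest(
 $_REQUEST['signed_request']);
- } else if (isset($_COOKIE[$this->getSignedRequestCookieName()])) {
+ } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
 $this->signedRequest = $this->parseSignedRequest(
 $_COOKIE[$this->getSignedRequestCookieName()]);
 }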
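Review bot: Neither rewritten condition in getSignedRequest() checks that the value is a string, so a `signed_request` that PHP has parsed into a non-empty array still passes `!empty()` and is handed to parseSignedRequest(). How that method treats a non-string argument is not visible in this hunk, so it may warn or fail rather than return null. Consider `if (!empty($_REQUEST['signed_request']) && is_string($_REQUEST['signed_request'])) {` with the same `is_string()` guard on the cookie branch. A short comment that an empty request parameter now falls through to the cookie, which `isset()` did not allow, would also help; the function body continues past the end of the hunk.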
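--- a/tests/tests.php
+++ b/tests/tests.php
@@ -46,6 +46,10 @@ private static function kNonTosedSignedRequest() {
 return $facebook->publicMakeSignedRequest(array());
 }
+ private static function kSignedRequestWithEmptyValue() {
+ return '';
+ }
+
 private static function kSignedRequestWithBogusSignature() {
 $facebook = new FBPublic(array(
 'appId' => self::APP_ID,
@@ -778,6 +782,18 @@ public function testNonTossedSignedtoken() {
 $this->assertTrue(isset($sr['algorithm']));
 }
+ public function testSignedRequestWithEmptyValue() {
+ $fb = new FBPublicCookie(array(
+ 'appId' => self::APP_ID,
+ 'secret' => self::SECRET
+ ));
+ $_REQUEST['signed_request'] = self::kSignedRequestWithEmptyValue();
+ $this->assertNull($fb->getSignedRequest());
+ $_COOKIE[$fb->publicGetSignedRequestCookieName()] =
+ self::kSignedRequestWithEmptyValue();
+ $this->assertNull($fb->getSignedRequest());
+ }
+
 public function testSignedRequestWithWrongAlgo() {
 $fb = new FBPublic(array(
 'appId' => self::APP_ID,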
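Review bot: testSignedRequestWithEmptyValue() only asserts null while both sources are empty, so it does not pin the behaviour that the switch to `!empty()` introduces: an empty `signed_request` request parameter no longer masks a cookie that holds a value. A further step that keeps the request parameter as '' and sets the cookie to a parseable value, for example `self::kNonTosedSignedRequest()` if that helper suits FBPublicCookie, followed by `$this->assertNotNull($fb->getSignedRequest());`, would cover that path. The test also leaves `$_REQUEST['signed_request']` and the cookie entry set when it returns. Unless the suite resets superglobals elsewhere, an `unset()` of both at the end would keep them from leaking into later tests.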
