Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on Nov 12, 2013
  1. Merge pull request #64 from h0ke/master

    David Poll authored
    Fix Remote Timing Attack vulnerability
Commits on Nov 5, 2013
  1. @mattynoce

    Added test cases

    mattynoce authored
Commits on Nov 4, 2013
  1. @agiuliano

    Remove not recommended FQL

    agiuliano authored
  2. @agiuliano
  3. @agiuliano
Commits on Nov 2, 2013
  1. @h0ke

    Add space to if statement.

    h0ke authored
Commits on Nov 1, 2013
  1. @moisadoru

    Added support for multiple chained proxies that append a comma and t…

    moisadoru authored
    …heir hostnames to the previous X-Forwarded-Host header.
        If we have Client <---> Fwd Proxy1 (first.proxy) <---> Fwd Proxy2 (second.proxy )<---> Application (third.server), then we
        will have these values for a script executed on third.server::
        $_SERVER['HTTP_X_FORWARDED_HOST'] = 'first.proxy, second.proxy';
        $_SERVER['HTTP_HOST'] = 'third.server';
        If we use the raw value from $_SERVER['HTTP_X_FORWARDED_HOST'] for composing return URLs, we will generate invalid return URLs,
        in our case 'http://first.proxy, second.proxy/fb_oauth.php', and get a 'Oauth exception 191' or some other error message.
        If we properly process the X-Forwarded-Host value by taking the leftmost host, we will not get errors.
  2. @moisadoru

    Merge remote-tracking branch 'upstream/master'

    moisadoru authored
  3. @gfosco

    Merge pull request #110 from philsturgeon/php55

    gfosco authored
    Dont convert CURLFile: Take 2
  4. @philsturgeon

    and -> &&

    philsturgeon authored
Commits on Oct 28, 2013
  1. @philsturgeon

    Don't convert CURLFile params to JSON

    philsturgeon authored
    PHP 5.5 will throw deprecation warnings if users are uploading files with the previously documented `'source' => '@/foo/bar.jpg',` syntax.
    The new approach is to use `'source' => new CurlFile('/foo/bar.jpg', 'image/jpeg'),`, which obviously avoids accidental uploads (or upload attempts) from user-provided content which starts with a `"@"` character.
  2. @philsturgeon

    Update .travis.yml

    philsturgeon authored
  3. @gfosco

    Merge pull request #106 from gfosco/error_code

    gfosco authored
    Added validation and test for non-int error_code defaulting to 0.
  4. @gfosco

    Merge pull request #78 from alixandru/master

    gfosco authored
    Use OS-specific directory separator instead of hard-coded forward slash
Commits on Oct 19, 2013
  1. @gfosco
  2. @gfosco
Commits on Oct 15, 2013
  1. @gfosco

    Merge pull request #94 from oyvindkinsey/master

    gfosco authored
    Make getLoginStatusUrl use /dialog/oauth
  2. @gfosco

    Merge pull request #59 from JohnnyGoods/master

    gfosco authored
    Fix bug in CSRF state persistence when using shared sessions.
  3. @gfosco

    Merge pull request #46 from dosercz/master

    gfosco authored
    Fixed curl ssl invalid cert file
  4. @gfosco

    Merge pull request #96 from liuggio/master

    gfosco authored
    3 huge issues solved.
  5. @gfosco

    Merge pull request #95 from facebook/gFosco.unset1

    gfosco authored
    Check isset before unset
  6. @gfosco

    Merge pull request #61 from gary-rafferty/master

    gfosco authored
    Add phpunit as a dependency in composer.json
  7. @gfosco

    Merge pull request #98 from stevenwoodson/master

    gfosco authored
    Small fix to base_facebook.php
  8. @gfosco

    Check isset before unset

    gfosco authored
  9. @oyvindkinsey

    Make getLoginStatusUrl use /dialog/oauth

    oyvindkinsey authored
    To make this a drop in replacement for the old endpoint, we also need
    support from the /dialog/oauth endpoint. Specifically, the current
    endpoint, when using display=none, always return the response as part of
    the fragment, while the PHP SDK needs the signed_request as a query
    string argument.
Commits on Oct 10, 2013
  1. @gfosco

    Merge pull request #10 from dharkness/deprecations

    gfosco authored
    Add replacement method to @deprecated tags
  2. @lacker

    Merge pull request #8 from dmnc/master

    lacker authored
    Make getApplicationAccessToken public
Commits on Aug 30, 2013
  1. @mattynoce
Commits on Jul 10, 2013
  1. @liuggio

    added composer usage example

    liuggio authored
  2. @liuggio

    added color to the snippets

    liuggio authored
  3. @liuggio
Commits on May 23, 2013
  1. @alixandru

    Use OS-specific directory separator instead of hard-coded forward slash

    alixandru authored
    Fix issue with cURL on Windows machines when the local CA cert file 
    is used. For some reason cURL refuses to use the CA cert bundle if 
    forward-slashes are present in its path name.
Commits on May 16, 2013
  1. @oyvindkinsey

    Merge pull request #69 from anankan/master

    oyvindkinsey authored
    Added the proof of appsecret param to API calls
Commits on Apr 30, 2013
  1. Removed duplicate multiline comment start

    Steve Woodson authored
Commits on Apr 11, 2013
  1. @anankan
Something went wrong with that request. Please try again.