Permalink
Commits on Nov 12, 2013
  1. Merge pull request #64 from h0ke/master

    David Poll committed Nov 12, 2013
    Fix Remote Timing Attack vulnerability
Commits on Nov 5, 2013
  1. Added test cases

    mattynoce committed Nov 5, 2013
Commits on Nov 4, 2013
  1. Remove not recommended FQL

    agiuliano committed Nov 4, 2013
Commits on Nov 2, 2013
  1. Add space to if statement.

    h0ke committed Nov 2, 2013
Commits on Nov 1, 2013
  1. Added support for multiple chained proxies that append a comma and t…

    moisadoru committed Nov 1, 2013
    …heir hostnames to the previous X-Forwarded-Host header.
    
        If we have Client <---> Fwd Proxy1 (first.proxy) <---> Fwd Proxy2 (second.proxy )<---> Application (third.server), then we
        will have these values for a script executed on third.server::
    
        $_SERVER['HTTP_X_FORWARDED_HOST'] = 'first.proxy, second.proxy';
        $_SERVER['HTTP_HOST'] = 'third.server';
    
        If we use the raw value from $_SERVER['HTTP_X_FORWARDED_HOST'] for composing return URLs, we will generate invalid return URLs,
        in our case 'http://first.proxy, second.proxy/fb_oauth.php', and get a 'Oauth exception 191' or some other error message.
    
        If we properly process the X-Forwarded-Host value by taking the leftmost host, we will not get errors.
  2. Merge remote-tracking branch 'upstream/master'

    moisadoru committed Nov 1, 2013
    Conflicts:
    	src/base_facebook.php
  3. Merge pull request #110 from philsturgeon/php55

    gfosco committed Nov 1, 2013
    Dont convert CURLFile: Take 2
  4. and -> &&

    Phil Sturgeon committed Nov 1, 2013
Commits on Oct 28, 2013
  1. Don't convert CURLFile params to JSON

    Phil Sturgeon committed Aug 29, 2013
    PHP 5.5 will throw deprecation warnings if users are uploading files with the previously documented `'source' => '@/foo/bar.jpg',` syntax.
    
    The new approach is to use `'source' => new CurlFile('/foo/bar.jpg', 'image/jpeg'),`, which obviously avoids accidental uploads (or upload attempts) from user-provided content which starts with a `"@"` character.
  2. Update .travis.yml

    Phil Sturgeon committed Oct 17, 2013
  3. Merge pull request #106 from gfosco/error_code

    gfosco committed Oct 28, 2013
    Added validation and test for non-int error_code defaulting to 0.
  4. Merge pull request #78 from alixandru/master

    gfosco committed Oct 28, 2013
    Use OS-specific directory separator instead of hard-coded forward slash
Commits on Oct 19, 2013
Commits on Oct 15, 2013
  1. Merge pull request #94 from oyvindkinsey/master

    gfosco committed Oct 15, 2013
    Make getLoginStatusUrl use /dialog/oauth
  2. Merge pull request #59 from JohnnyGoods/master

    gfosco committed Oct 15, 2013
    Fix bug in CSRF state persistence when using shared sessions.
  3. Merge pull request #46 from dosercz/master

    gfosco committed Oct 15, 2013
    Fixed curl ssl invalid cert file
  4. Merge pull request #96 from liuggio/master

    gfosco committed Oct 15, 2013
    3 huge issues solved.
  5. Merge pull request #95 from facebook/gFosco.unset1

    gfosco committed Oct 15, 2013
    Check isset before unset
  6. Merge pull request #61 from gary-rafferty/master

    gfosco committed Oct 15, 2013
    Add phpunit as a dependency in composer.json
  7. Merge pull request #98 from stevenwoodson/master

    gfosco committed Oct 15, 2013
    Small fix to base_facebook.php
  8. Check isset before unset

    gfosco committed Oct 15, 2013
  9. Make getLoginStatusUrl use /dialog/oauth

    oyvindkinsey committed Aug 27, 2013
    To make this a drop in replacement for the old endpoint, we also need
    support from the /dialog/oauth endpoint. Specifically, the current
    endpoint, when using display=none, always return the response as part of
    the fragment, while the PHP SDK needs the signed_request as a query
    string argument.
Commits on Oct 10, 2013
  1. Merge pull request #10 from dharkness/deprecations

    gfosco committed Oct 10, 2013
    Add replacement method to @deprecated tags
  2. Merge pull request #8 from dmnc/master

    Kevin Lacker committed Oct 10, 2013
    Make getApplicationAccessToken public
Commits on Aug 30, 2013
Commits on Jul 10, 2013
  1. added composer usage example

    liuggio committed Jul 10, 2013
  2. added color to the snippets

    liuggio committed Jul 10, 2013
Commits on May 23, 2013
  1. Use OS-specific directory separator instead of hard-coded forward slash

    alixandru committed May 23, 2013
    Fix issue with cURL on Windows machines when the local CA cert file 
    is used. For some reason cURL refuses to use the CA cert bundle if 
    forward-slashes are present in its path name.
Commits on May 16, 2013
  1. Merge pull request #69 from anankan/master

    oyvindkinsey committed May 16, 2013
    Added the proof of appsecret param to API calls
Commits on Apr 30, 2013
  1. Removed duplicate multiline comment start

    Steve Woodson committed Apr 30, 2013
Commits on Apr 11, 2013