From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url) { gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret; g_return_if_fail (U1_IS_MUSIC_STORE (music_store)); g_return_if_fail (url != NULL); /* If the load_real_store callback is set up, disable it first */ if (music_store->priv->idle_cb > 0) { g_source_remove (music_store->priv->idle_cb); music_store->priv->idle_cb = 0; } real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s", music_store->priv->base_url, U1_STORE_URL, url);
The url argument is inserted into the forward_on_to_url query parameter without being percent-escaped. For example, these values:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
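which is wrong, because the parameter q2=b is parsed as a parameter of the one.ubuntu.com URL, not of the 7dserver URL, so the forwarded URL is cut off at the first unescaped &. The forward_on_to_url value needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db (for example with GLib's g_uri_escape_string()) before it is oauth-signed, so that the signature is computed over the same parameters the server will parse.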
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_ store_load_ store_link (U1MusicStore *music_store, const gchar *url) consumer_ token, *oauth_ consumer_ secret, *oauth_token, *oauth_ token_secret; store-> priv->idle_ cb > 0) { store-> priv->idle_ cb); store-> priv->idle_ cb = 0; forward_ on_to_url= %s",
music_ store-> priv->base_ url,
U1_STORE_ URL,
{
gchar *real_url, *oauth_
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_
g_source_remove (music_
music_
}
real_url = g_strdup_printf ("%s%s?
url);
The url argument is inserted into the forward_on_to_url query parameter without being percent-escaped. For example, these values:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
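which is wrong, because the parameter q2=b is parsed as a parameter of the one.ubuntu.com URL, not of the 7dserver URL, so the forwarded URL is cut off at the first unescaped &. The forward_on_to_url value needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db (for example with GLib's g_uri_escape_string()) before it is oauth-signed, so that the signature is computed over the same parameters the server will parse.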