Merge pull request facebookarchive#45 from favrik/master

Use `empty()` for signed request value check

Author: oyvindkinsey

src/base_facebook.php

@@ -488,10 +488,10 @@ protected function getUserAccessToken() {
    */
   public function getSignedRequest() {
     if (!$this->signedRequest) {
-      if (isset($_REQUEST['signed_request'])) {
+      if (!empty($_REQUEST['signed_request'])) {
         $this->signedRequest = $this->parseSignedRequest(
           $_REQUEST['signed_request']);
-      } else if (isset($_COOKIE[$this->getSignedRequestCookieName()])) {
+      } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
         $this->signedRequest = $this->parseSignedRequest(
           $_COOKIE[$this->getSignedRequestCookieName()]);
       }

tests/tests.php

@@ -46,6 +46,10 @@ private static function kNonTosedSignedRequest() {
     return $facebook->publicMakeSignedRequest(array());
   }
 
+  private static function kSignedRequestWithEmptyValue() {
+    return '';
+  }
+
   private static function kSignedRequestWithBogusSignature() {
     $facebook = new FBPublic(array(
       'appId'  => self::APP_ID,
@@ -778,6 +782,18 @@ public function testNonTossedSignedtoken() {
     $this->assertTrue(isset($sr['algorithm']));
   }
 
+  public function testSignedRequestWithEmptyValue() {
+    $fb = new FBPublicCookie(array(
+      'appId'  => self::APP_ID,
+      'secret' => self::SECRET
+    ));
+    $_REQUEST['signed_request'] = self::kSignedRequestWithEmptyValue();
+    $this->assertNull($fb->getSignedRequest());
+    $_COOKIE[$fb->publicGetSignedRequestCookieName()] =
+      self::kSignedRequestWithEmptyValue();
+    $this->assertNull($fb->getSignedRequest());
+  }
+
   public function testSignedRequestWithWrongAlgo() {
     $fb = new FBPublic(array(
       'appId'  => self::APP_ID,