Hi Jacob, > I forgot to put a recursion limit in the new OAuth parsers; the > server-side depth checks don't apply to the client, and it's not using > the incremental parser to move the burden from the stack to the heap. > Luckily, we track the nesting level already, so a fix (attached) can > be pretty small. > > [...]
Thanks for the patch. It looks good to me. It's well documented and covered with tests. I can confirm that the tests pass. Also they fail if I decrease the $nesting_limit value to 15. -- Best regards, Aleksander Alekseev
