From d58a3e03c67053e7064aec54ac1bada2cfdf2291 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <>
Date: Fri, 11 May 2018 11:13:12 +0200
Subject: [PATCH] Attempt to resolve some of the conflicts with master

 .travis.yml                                   |   2 +-
 lib/SimpleSAML/XHTML/Template.php             |   3 +-
 .../dictionaries/consent.definition.json      |   2 +-
 modules/consent/dictionaries/consent.php      |   2 +-
 modules/consent/templates/consentform.php     |   4 +-
 modules/core/www/frontpage_config.php         | 163 ++++++++----------
 modules/oauth/lib/Consumer.php                |  50 ++----
 modules/oauth/lib/OAuthStore.php              |  48 +++---
 modules/oauth/libextinc/OAuth.php             |  42 +++--
 9 files changed, 143 insertions(+), 173 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ad225a492..9bf4d39c1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,7 +11,7 @@ matrix:
   - php: hhvm
 - composer update
-#- if [[ "$TRAVIS_PHP_VERSION" == "7.0" ]]; then composer require --dev vimeo/psalm; fi
+- if [[ "$TRAVIS_PHP_VERSION" == "7.0" ]]; then composer require --dev vimeo/psalm:0.3.72; fi
 - if [[ "$TRAVIS_PHP_VERSION" == "5.6" ]]; then composer require --dev php-coveralls/php-coveralls; fi
 - bin/
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index eb14b2bc8..d3d3ef32a 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -176,7 +176,7 @@ class SimpleSAML_XHTML_Template
         if ($this->theme['module']) {
             try {
                 $templateDirs[] = array(
-                    $this->theme['module'] =>TemplateLoader::getModuleTemplateDir($this->theme['module'])
+                    $this->theme['module'] => TemplateLoader::getModuleTemplateDir($this->theme['module'])
             } catch (\InvalidArgumentException $e) {
                 // either the module is not enabled or it has no "templates" directory, ignore
@@ -268,6 +268,7 @@ class SimpleSAML_XHTML_Template
         return $twig;
      * Add overriding templates from the configured theme.
diff --git a/modules/consent/dictionaries/consent.definition.json b/modules/consent/dictionaries/consent.definition.json
index 1fec43043..6c4451610 100644
--- a/modules/consent/dictionaries/consent.definition.json
+++ b/modules/consent/dictionaries/consent.definition.json
@@ -27,7 +27,7 @@
         "en": "show\/hide attributes"
     "consent_privacypolicy": {
-        "en": "Privacypolicy for the service"
+        "en": "Privacy policy for the service"
     "noconsent_title": {
         "en": "No consent given"
diff --git a/modules/consent/dictionaries/consent.php b/modules/consent/dictionaries/consent.php
index e70e43016..dfb70c73e 100644
--- a/modules/consent/dictionaries/consent.php
+++ b/modules/consent/dictionaries/consent.php
@@ -119,7 +119,7 @@ $lang = array(
         'no' => 'Personvern for tjenesten',
         'nn' => 'Personvern for tenesta',
         'da' => 'Tjenestens politik vedrørende personoplysninger',
-        'en' => 'Privacypolicy for the service',
+        'en' => 'Privacy policy for the service',
         'de' => 'Datenschutzrichtlinie des Dienstes',
         'sv' => 'Tjänstens policy för personlig integritet',
         'fi' => 'Tietosuojaseloste palvelulle',
diff --git a/modules/consent/templates/consentform.php b/modules/consent/templates/consentform.php
index fed9e8cc4..738276b0b 100644
--- a/modules/consent/templates/consentform.php
+++ b/modules/consent/templates/consentform.php
@@ -53,8 +53,8 @@ if ($this->data['usestorage']) {
 if ($this->data['sppp'] !== false) {
-    echo "<p>" . htmlspecialchars($this->t('{consent:consent:consent_privacypolicy}'));
-    echo "<a target='_blank' href='" . htmlspecialchars($this->data['sppp']) . "'>" . $dstName . "</a>";
+    echo "<p>" . htmlspecialchars($this->t('{consent:consent:consent_privacypolicy}')) . " ";
+    echo '<a target="_blank" href="' . htmlspecialchars($this->data['sppp']) . '">' . $dstName . "</a>";
     echo "</p>";
diff --git a/modules/core/www/frontpage_config.php b/modules/core/www/frontpage_config.php
index a4a9f80e4..42a468a24 100644
--- a/modules/core/www/frontpage_config.php
+++ b/modules/core/www/frontpage_config.php
@@ -17,48 +17,42 @@ $isadmin = SimpleSAML\Utils\Auth::isAdmin();
 $warnings = array();
 if (!\SimpleSAML\Utils\HTTP::isHTTPS()) {
-	$warnings[] = '{core:frontpage:warnings_https}';
+    $warnings[] = '{core:frontpage:warnings_https}';
 if ($config->getValue('secretsalt') === 'defaultsecretsalt') {
-	$warnings[] = '{core:frontpage:warnings_secretsalt}';
+    $warnings[] = '{core:frontpage:warnings_secretsalt}';
 if (extension_loaded('suhosin')) {
-	$suhosinLength = ini_get('suhosin.get.max_value_length');
-	if (empty($suhosinLength) || (int)$suhosinLength < 2048) {
-		$warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
-	}
+    $suhosinLength = ini_get('suhosin.get.max_value_length');
+    if (empty($suhosinLength) || (int)$suhosinLength < 2048) {
+        $warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
+    }
 $links = array();
 $links_welcome = array();
 $links_config = array();
 $links_auth = array();
 $links_federation = array();
 $links_config[] = array(
-	'href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/hostnames.php',
-	'text' => '{core:frontpage:link_diagnostics}'
+    'href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/hostnames.php',
+    'text' => '{core:frontpage:link_diagnostics}'
 $links_config[] = array(
-	'href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/phpinfo.php',
-	'text' => '{core:frontpage:link_phpinfo}'
+    'href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/phpinfo.php',
+    'text' => '{core:frontpage:link_phpinfo}'
 $allLinks = array(
-	'links'      => &$links,
-	'welcome'    => &$links_welcome,
-	'config'     => &$links_config,
-	'auth'       => &$links_auth,
-	'federation' => &$links_federation,
+    'links'      => &$links,
+    'welcome'    => &$links_welcome,
+    'config'     => &$links_config,
+    'auth'       => &$links_auth,
+    'federation' => &$links_federation,
 SimpleSAML\Module::callHooks('frontpage', $allLinks);
@@ -66,68 +60,69 @@ SimpleSAML\Module::callHooks('frontpage', $allLinks);
 // don't need to fetch it on every access to this page.
 $current = $config->getVersion();
 if ($config->getBoolean('admin.checkforupdates', true) && $current !== 'master') {
-	$latest = $session->getData("core:latest_simplesamlphp_version", "version");
-	if (!$latest) {
-		$api_url = '';
-		$ch = curl_init($api_url.'/latest');
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		curl_setopt($ch, CURLOPT_USERAGENT, 'SimpleSAMLphp');
-		curl_setopt($ch, CURLOPT_TIMEOUT, 2);
-		curl_setopt($ch, CURLOPT_PROXY, $config->getString('proxy', null));
-		curl_setopt($ch, CURLOPT_PROXYUSERPWD, $config->getstring('proxy.auth', null));
-		$response = curl_exec($ch);
-		if (curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200) {
-			$latest = json_decode($response, true);
-			$session->setData("core:latest_simplesamlphp_version", "version", $latest);
-		}
-		curl_close($ch);
-	}
-	if ($latest && version_compare($current, ltrim($latest['tag_name'], 'v'), 'lt')) {
-		$outdated = true;
-		$warnings[] = array(
-			'{core:frontpage:warnings_outdated}',
-			array('%LATEST_URL%' => $latest['html_url'])
-		);
-	}
+    $latest = $session->getData("core:latest_simplesamlphp_version", "version");
+    if (!$latest) {
+        $api_url = '';
+        $ch = curl_init($api_url.'/latest');
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_USERAGENT, 'SimpleSAMLphp');
+        curl_setopt($ch, CURLOPT_TIMEOUT, 2);
+        curl_setopt($ch, CURLOPT_PROXY, $config->getString('proxy', null));
+        curl_setopt($ch, CURLOPT_PROXYUSERPWD, $config->getstring('proxy.auth', null));
+        $response = curl_exec($ch);
+        if (curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200) {
+            $latest = json_decode($response, true);
+            $session->setData("core:latest_simplesamlphp_version", "version", $latest);
+        }
+        curl_close($ch);
+    }
+    if ($latest && version_compare($current, ltrim($latest['tag_name'], 'v'), 'lt')) {
+        $outdated = true;
+        $warnings[] = array(
+            '{core:frontpage:warnings_outdated}',
+            array('%LATEST_URL%' => $latest['html_url'])
+        );
+    }
 $enablematrix = array(
-	'saml20idp' => $config->getBoolean('enable.saml20-idp', false),
-	'shib13idp' => $config->getBoolean('enable.shib13-idp', false),
+    'saml20idp' => $config->getBoolean('enable.saml20-idp', false),
+    'shib13idp' => $config->getBoolean('enable.shib13-idp', false),
 $functionchecks = array(
-	'time'             => array('required', 'Date/Time Extension'),
-	'hash'             => array('required',  'Hashing function'),
-	'gzinflate'        => array('required',  'ZLib'),
-	'openssl_sign'     => array('required',  'OpenSSL'),
-	'dom_import_simplexml' => array('required', 'XML DOM'),
-	'preg_match'       => array('required',  'RegEx support'),
-	'json_decode'      => array('required', 'JSON support'),
-	'class_implements' => array('required', 'Standard PHP Library (SPL)'),
-	'mb_strlen'        => array('required', 'Multibyte String Extension'),
-	'curl_init'        => array('optional', 'cURL (required if automatic version checks are used, also by some modules.'),
-	'session_start'  => array('optional', 'Session Extension (required if PHP sessions are used)'),
-	'pdo_drivers'    => array('optional',  'PDO Extension (required if a database backend is used)'),
+    'time'             => array('required', 'Date/Time Extension'),
+    'hash'             => array('required', 'Hashing function'),
+    'gzinflate'        => array('required', 'ZLib'),
+    'openssl_sign'     => array('required', 'OpenSSL'),
+    'dom_import_simplexml' => array('required', 'XML DOM'),
+    'preg_match'       => array('required', 'RegEx support'),
+    'json_decode'      => array('required', 'JSON support'),
+    'class_implements' => array('required', 'Standard PHP Library (SPL)'),
+    'mb_strlen'        => array('required', 'Multibyte String Extension'),
+    'curl_init'        => array('optional', 'cURL (required if automatic version checks are used, also by some modules.'),
+    'session_start'  => array('optional', 'Session Extension (required if PHP sessions are used)'),
+    'pdo_drivers'    => array('optional', 'PDO Extension (required if a database backend is used)'),
 if (SimpleSAML\Module::isModuleEnabled('ldap')) {
-	$functionchecks['ldap_bind'] = array('optional',  'LDAP Extension (required if an LDAP backend is used)');
+    $functionchecks['ldap_bind'] = array('optional', 'LDAP Extension (required if an LDAP backend is used)');
 if (SimpleSAML\Module::isModuleEnabled('radius')) {
-        $functionchecks['radius_auth_open'] = array('optional',  'Radius Extension (required if a Radius backend is used)');
+    $functionchecks['radius_auth_open'] = array('optional', 'Radius Extension (required if a Radius backend is used)');
 $funcmatrix = array();
 $funcmatrix[] = array(
-	'required' => 'required', 
-	'descr' => 'PHP Version >= 5.4. You run: ' . phpversion(),
-	'enabled' => version_compare(phpversion(), '5.4', '>='));
-foreach ($functionchecks AS $func => $descr) {
-	$funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func));
+    'required' => 'required', 
+    'descr' => 'PHP Version >= 5.4. You run: ' . phpversion(),
+    'enabled' => version_compare(phpversion(), '5.4', '>=')
+foreach ($functionchecks as $func => $descr) {
+    $funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func));
 $funcmatrix[] = array(
@@ -144,31 +139,25 @@ $funcmatrix[] = array(
 /* Some basic configuration checks */
-if($config->getString('technicalcontact_email', '') === '') {
-	$mail_ok = FALSE;
+if ($config->getString('technicalcontact_email', '') === '') {
+    $mail_ok = false;
 } else {
-	$mail_ok = TRUE;
+    $mail_ok = true;
 $funcmatrix[] = array(
-	'required' => 'recommended',
-	'descr' => 'technicalcontact_email option set',
-	'enabled' => $mail_ok
-	);
-if($config->getString('auth.adminpassword', '123') === '123') {
-	$password_ok = FALSE;
+    'required' => 'recommended',
+    'descr' => 'technicalcontact_email option set',
+    'enabled' => $mail_ok
+if ($config->getString('auth.adminpassword', '123') === '123') {
+    $password_ok = false;
 } else {
-	$password_ok = TRUE;
+    $password_ok = true;
 $funcmatrix[] = array(
-	'required' => 'required',
-	'descr' => 'auth.adminpassword option set',
-	'enabled' => $password_ok
-$funcmatrix[] = array(
-	'required' => 'recommended',
-	'descr' => 'Magic Quotes should be turned off',
-	'enabled' => (get_magic_quotes_runtime() == 0)
+    'required' => 'required',
+    'descr' => 'auth.adminpassword option set',
+    'enabled' => $password_ok
diff --git a/modules/oauth/lib/Consumer.php b/modules/oauth/lib/Consumer.php
index 8456c85fe..62f1fc4d3 100644
--- a/modules/oauth/lib/Consumer.php
+++ b/modules/oauth/lib/Consumer.php
@@ -43,7 +43,7 @@ class sspmod_oauth_Consumer
-     * This static helper function wraps file_get_contents
+     * This static helper function wraps \SimpleSAML\Utils\HTTP::fetch
      * and throws an exception with diagnostics messages if it appear
      * to be failing on an OAuth endpoint.
@@ -53,18 +53,17 @@ class sspmod_oauth_Consumer
     public static function getHTTP($url, $context = '')
-        $response = @file_get_contents($url);
-        if ($response === false) {
+        try {
+            $response = \SimpleSAML\Utils\HTTP::fetch($url);
+        } catch (\SimpleSAML_Error_Exception $e) {
             $statuscode = 'unknown';
             if (preg_match('/^HTTP.*\s([0-9]{3})/', $http_response_header[0], $matches)) {
                 $statuscode = $matches[1];
             $error = $context . ' [statuscode: ' . $statuscode . ']: ';
-            $contenttype = self::getContentType($http_response_header);
             $oautherror = self::getOAuthError($http_response_header);
             if (!empty($oautherror)) {
                 $error .= $oautherror;
@@ -75,26 +74,6 @@ class sspmod_oauth_Consumer
         return $response;
-    public function getRequestToken($url, $parameters = null)
-    {
-        $req_req = OAuthRequest::from_consumer_and_token($this->consumer, null, "GET", $url, $parameters);
-        $req_req->sign_request($this->signer, $this->consumer, null);
-        $response_req = self::getHTTP($req_req->to_url(), 
-            'Contacting request_token endpoint on the OAuth Provider');
-        parse_str($response_req, $responseParsed);
-        if (array_key_exists('error', $responseParsed)) {
-            throw new Exception('Error getting request token: ' . $responseParsed['error']);
-        }
-        $requestToken = $responseParsed['oauth_token'];
-        $requestTokenSecret = $responseParsed['oauth_token_secret'];
-        return new OAuthToken($requestToken, $requestTokenSecret);
-    }
     public function getAuthorizeRequest($url, $requestToken, $redirect = true, $callback = null)
         $params = array('oauth_token' => $requestToken->key);
@@ -114,8 +93,9 @@ class sspmod_oauth_Consumer
         $acc_req = OAuthRequest::from_consumer_and_token($this->consumer, $requestToken, "GET", $url, $parameters);
         $acc_req->sign_request($this->signer, $this->consumer, $requestToken);
-        $response_acc = file_get_contents($acc_req->to_url());
-        if ($response_acc === false) {
+        try {
+            $response_acc = \SimpleSAML\Utils\HTTP::fetch($acc_req->to_url());
+        } catch (\SimpleSAML_Error_Exception $e) {
             throw new Exception('Error contacting request_token endpoint on the OAuth Provider');
@@ -143,7 +123,7 @@ class sspmod_oauth_Consumer
             'ssl' => array(
                 'verify_peer' => false,
                 'capture_peer_cert' => true,
-                'capture_peer_chain' => true,
+                'capture_peer_chain' => true
             'http' => array(
                 'method' => 'POST',
@@ -151,9 +131,10 @@ class sspmod_oauth_Consumer
                 'header' => 'Content-Type: application/x-www-form-urlencoded',
-        $context = stream_context_create($opts);
-        $response = file_get_contents($url, false, $context);
-        if ($response === false) {
+        try {
+            $response = \SimpleSAML\Utils\HTTP::fetch($url, $opts);
+        } catch (\SimpleSAML_Error_Exception $e) {
             throw new SimpleSAML_Error_Exception('Failed to push definition file to ' . $url);
         return $response;
@@ -167,9 +148,8 @@ class sspmod_oauth_Consumer
         if (is_array($opts)) {
             $opts = stream_context_create($opts);
-        $data = file_get_contents($data_req->to_url(), false, $opts);
+        $data = \SimpleSAML\Utils\HTTP::fetch($data_req->to_url(), $opts);
-        $dataDecoded = json_decode($data, true);
-        return $dataDecoded;
+        return  json_decode($data, true);
diff --git a/modules/oauth/lib/OAuthStore.php b/modules/oauth/lib/OAuthStore.php
index 70823b116..8695b077c 100644
--- a/modules/oauth/lib/OAuthStore.php
+++ b/modules/oauth/lib/OAuthStore.php
@@ -22,11 +22,11 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore
         'nonce' => 'nonce+consumer_key = -boolean-',
         'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)',
         'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)',
-        'access' => 'accessToken.key+consumerKey = accestoken',
+        'access' => 'accessToken.key+consumerKey = accesstoken',
         'request' => 'requestToken.key+consumerKey = requesttoken',
-    function __construct()
+    public function __construct()
         $this->store = new sspmod_core_Storage_SQLPermanentStorage('oauth');
         $this->config = SimpleSAML_Configuration::getOptionalConfig('module_oauth.php');
@@ -41,18 +41,11 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore
     public function authorize($requestTokenKey, $data)
         $url = null;
-        $verifier = '';
-        $version = $this->defaultversion;
         // See whether to remember values from the original requestToken request:
-        $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, ''); // must be there
+        $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, '');
+        // must be there
         if ($request_attributes['value']) {
-            // establish version to work with
-            $v = $request_attributes['value']['version'];
-            if ($v) {
-                $version = $v; 
-            }
             // establish callback to use
             if ($request_attributes['value']['callback']) {
                 $url = $request_attributes['value']['callback'];
@@ -156,20 +149,20 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore
         $lifetime = $this->config->getValue('requestTokenDuration', 60*30); 
-         $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
-         $token->callback = $callback; // OAuth1.0-RevA
-         $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
+        $token = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
+        $token->callback = $callback; // OAuth1.0-RevA
+        $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
-         // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version
-         $request_attributes = array(
-             'callback' => $callback, 
-             'version' => ($version?$version:$this->defaultversion),
-             'consumerKey' => $consumer->key,
-         );
-         $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);
+        // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version
+        $request_attributes = array(
+            'callback' => $callback, 
+            'version' => ($version?$version:$this->defaultversion),
+            'consumerKey' => $consumer->key,
+        );
+        $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime);
-         // also store in requestToken->key => Consumer->key (enables consumer-lookup during reqToken-authorization stage)
-         $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);
+        // also store in requestToken->key => Consumer->key (enables consumer-lookup during reqToken-authorization stage)
+        $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime);
         return $token;
@@ -177,9 +170,9 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore
     function new_access_token($requestToken, $consumer, $verifier = null)
         SimpleSAML\Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
-        $accestoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
-        $this->store->set('access', $accestoken->key, $consumer->key, $accestoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
-        return $accestoken;
+        $accesstoken = new OAuthToken(SimpleSAML\Utils\Random::generateID(), SimpleSAML\Utils\Random::generateID());
+        $this->store->set('access', $accesstoken->key, $consumer->key, $accesstoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
+        return $accesstoken;
@@ -187,7 +180,8 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore
      * @param $requestTokenKey
      * @return unknown_type
-    public function lookup_consumer_by_requestToken($requestTokenKey) {
+    public function lookup_consumer_by_requestToken($requestTokenKey)
+    {
         SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken(' . $requestTokenKey . ')');
         if (!$this->store->exists('requesttorequest', $requestTokenKey, '')) {
             return null;
diff --git a/modules/oauth/libextinc/OAuth.php b/modules/oauth/libextinc/OAuth.php
index 77f085e38..073d9d807 100644
--- a/modules/oauth/libextinc/OAuth.php
+++ b/modules/oauth/libextinc/OAuth.php
@@ -24,14 +24,14 @@ if (!class_exists('OAuthConsumer')) {
         public $key;
         public $secret;
-        function __construct($key, $secret, $callback_url = null)
+        public function __construct($key, $secret, $callback_url = null)
             $this->key = $key;
             $this->secret = $secret;
             $this->callback_url = $callback_url;
-        function __toString()
+        public function __toString()
             return "OAuthConsumer[key=$this->key,secret=$this->secret]";
@@ -48,7 +48,7 @@ class OAuthToken
      * key = the token
      * secret = the token secret
-    function __construct($key, $secret)
+    public function __construct($key, $secret)
         $this->key = $key;
         $this->secret = $secret;
@@ -58,7 +58,7 @@ class OAuthToken
      * generates the basic string serialization of a token that a server
      * would respond to request_token and access_token calls with
-    function to_string()
+    public function to_string()
         return "oauth_token=" .
         OAuthUtil::urlencode_rfc3986($this->key) .
@@ -67,7 +67,7 @@ class OAuthToken
-    function __toString()
+    public function __toString()
         return $this->to_string();
@@ -137,7 +137,7 @@ abstract class OAuthSignatureMethod
 class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
-    function get_name()
+    public function get_name()
         return "HMAC-SHA1";
@@ -276,7 +276,7 @@ class OAuthRequest
     public static $version = '1.0';
     public static $POST_INPUT = 'php://input';
-    function __construct($http_method, $http_url, $parameters = null)
+    public function __construct($http_method, $http_url, $parameters = null)
         $parameters = ($parameters) ? $parameters : array();
         $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
@@ -553,7 +553,7 @@ class OAuthServer
     protected $data_store;
-    function __construct($data_store)
+    public function __construct($data_store)
         $this->data_store = $data_store;
@@ -747,10 +747,11 @@ class OAuthServer
     private function check_timestamp($timestamp)
-        if(!$timestamp)
+        if (!$timestamp) {
             throw new OAuthException(
                 'Missing timestamp parameter. The parameter is required'
+        }
         // verify that timestamp is recentish
         $now = time();
@@ -766,10 +767,11 @@ class OAuthServer
     private function check_nonce($consumer, $token, $nonce, $timestamp)
-        if (!$nonce)
+        if (!$nonce) {
             throw new OAuthException(
                 'Missing nonce parameter. The parameter is required'
+        }
         // verify that the nonce is uniqueish
         $found = $this->data_store->lookup_nonce(
@@ -787,27 +789,27 @@ class OAuthServer
 class OAuthDataStore
-    function lookup_consumer($consumer_key)
+    public function lookup_consumer($consumer_key)
         // implement me
-    function lookup_token($consumer, $token_type, $token)
+    public function lookup_token($consumer, $token_type, $token)
         // implement me
-    function lookup_nonce($consumer, $token, $nonce, $timestamp)
+    public function lookup_nonce($consumer, $token, $nonce, $timestamp)
         // implement me
-    function new_request_token($consumer, $callback = null)
+    public function new_request_token($consumer, $callback = null)
         // return a new token attached to this consumer
-    function new_access_token($token, $consumer, $verifier = null)
+    public function new_access_token($token, $consumer, $verifier = null)
         // return a new access token attached to this consumer
         // for the user associated with this token if the request token
@@ -916,9 +918,11 @@ class OAuthUtil
     // This function takes a input like a=b&a=c&d=e and returns the parsed
     // parameters like this
     // array('a' => array('b','c'), 'd' => 'e')
-    public static function parse_parameters( $input )
+    public static function parse_parameters($input)
-        if (!isset($input) || !$input) return array();
+        if (!isset($input) || !$input) {
+            return array();
+        }
         $pairs = explode('&', $input);
@@ -948,7 +952,9 @@ class OAuthUtil
     public static function build_http_query($params)
-        if (!$params) return '';
+        if (!$params) {
+            return '';
+        }
         // Urlencode both keys and values
         $keys = OAuthUtil::urlencode_rfc3986(array_keys($params));