Fixed some bad or missing URL escaping.

4 files changed, 31 insertions, 35 deletions

diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
index b99c251..b147040 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
@@ -58,7 +58,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 			string userId = response.ExtraData["user_id"];
 			string userName = response.ExtraData["screen_name"];
 
-			string profileRequestUrl = "http://api.twitter.com/1/users/show.xml?user_id=" + Uri.EscapeDataString(userId);
+			string profileRequestUrl = "http://api.twitter.com/1/users/show.xml?user_id=" + MessagingUtilities.EscapeUriDataStringRfc3986(userId);
 			var profileEndpoint = new MessageReceivingEndpoint(profileRequestUrl, HttpDeliveryMethods.GetRequest);
 			HttpWebRequest request = WebWorker.PrepareAuthorizedRequest(profileEndpoint, accessToken);
 
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/FacebookClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/FacebookClient.cs
index 66140c3..b98989a 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/FacebookClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/FacebookClient.cs
@@ -41,24 +41,22 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		protected override Uri GetServiceLoginUrl(Uri returnUrl) {
 			// Note: Facebook doesn't like us to url-encode the redirect_uri value
 			var builder = new UriBuilder(AuthorizationEndpoint);
-			MessagingUtilities.AppendQueryArgs(builder,
-				new KeyValuePair<string, string>[] {
-                    new KeyValuePair<string, string>("client_id", _appId),
-                    new KeyValuePair<string, string>("redirect_uri", returnUrl.AbsoluteUri)
-                });
+			builder.AppendQueryArgs(new Dictionary<string, string> {
+					{ "client_id", _appId },
+					{ "redirect_uri", returnUrl.AbsoluteUri },
+				});
 			return builder.Uri;
 		}
 
 		protected override string QueryAccessToken(Uri returnUrl, string authorizationCode) {
 			// Note: Facebook doesn't like us to url-encode the redirect_uri value
 			var builder = new UriBuilder(TokenEndpoint);
-			MessagingUtilities.AppendQueryArgs(builder,
-				new KeyValuePair<string, string>[] {
-                    new KeyValuePair<string, string>("client_id", _appId),
-                    new KeyValuePair<string, string>("redirect_uri", returnUrl.AbsoluteUri),
-                    new KeyValuePair<string, string>("client_secret", _appSecret),
-                    new KeyValuePair<string, string>("code", authorizationCode)
-                });
+			builder.AppendQueryArgs(new Dictionary<string, string> {
+				{ "client_id", _appId },
+				{ "redirect_uri", returnUrl.AbsoluteUri },
+				{ "client_secret", _appSecret },
+				{ "code", authorizationCode },
+			});
 
 			using (WebClient client = new WebClient()) {
 				string data = client.DownloadString(builder.Uri);
@@ -67,16 +65,13 @@ namespace DotNetOpenAuth.AspNet.Clients {
 				}
 
 				var parsedQueryString = HttpUtility.ParseQueryString(data);
-				if (parsedQueryString != null) {
-					return parsedQueryString["access_token"];
-				}
+				return parsedQueryString["access_token"];
 			}
-			return null;
 		}
 
 		protected override IDictionary<string, string> GetUserData(string accessToken) {
 			FacebookGraphData graphData;
-			var request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(accessToken));
+			var request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + MessagingUtilities.EscapeUriDataStringRfc3986(accessToken));
 			using (var response = request.GetResponse()) {
 				using (var responseStream = response.GetResponseStream()) {
 					graphData = JsonHelper.Deserialize<FacebookGraphData>(responseStream);
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/WindowsLiveClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/WindowsLiveClient.cs
index 35bd490..548d6bd 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/WindowsLiveClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/WindowsLiveClient.cs
@@ -39,13 +39,11 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <param name="returnUrl">The return URL.</param>
 		protected override Uri GetServiceLoginUrl(Uri returnUrl) {
 			var builder = new UriBuilder(AuthorizationEndpoint);
-			MessagingUtilities.AppendQueryArgs(builder,
-				new KeyValuePair<string, string>[]
-				{
-					new KeyValuePair<string, string>("client_id", _appId),
-					new KeyValuePair<string, string>("scope", "wl.basic"),
-					new KeyValuePair<string, string>("response_type", "code"),
-					new KeyValuePair<string, string>("redirect_uri", returnUrl.AbsoluteUri)
+			builder.AppendQueryArgs(new Dictionary<string, string> {
+					{ "client_id", _appId },
+					{ "scope", "wl.basic" },
+					{ "response_type", "code" },
+					{ "redirect_uri", returnUrl.AbsoluteUri },
 				});
 
 			return builder.Uri;
@@ -57,21 +55,24 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <param name="returnUrl">The return URL.</param>
 		/// <param name="authorizationCode">The authorization code.</param>
 		protected override string QueryAccessToken(Uri returnUrl, string authorizationCode) {
-			var builder = new StringBuilder();
-			builder.AppendFormat("client_id={0}", _appId);
-			builder.AppendFormat("&redirect_uri={0}", Uri.EscapeDataString(returnUrl.AbsoluteUri));
-			builder.AppendFormat("&client_secret={0}", _appSecret);
-			builder.AppendFormat("&code={0}", authorizationCode);
-			builder.Append("&grant_type=authorization_code");
+			var entity =
+				MessagingUtilities.CreateQueryString(
+					new Dictionary<string, string> {
+						{ "client_id", _appId },
+						{ "redirect_uri", returnUrl.AbsoluteUri },
+						{ "client_secret", _appSecret },
+						{ "code", authorizationCode },
+						{ "grant_type", "authorization_code" },
+					});
 
 			WebRequest tokenRequest = WebRequest.Create(TokenEndpoint);
 			tokenRequest.ContentType = "application/x-www-form-urlencoded";
-			tokenRequest.ContentLength = builder.Length;
+			tokenRequest.ContentLength = entity.Length;
 			tokenRequest.Method = "POST";
 
 			using (Stream requestStream = tokenRequest.GetRequestStream()) {
 				var writer = new StreamWriter(requestStream);
-				writer.Write(builder.ToString());
+				writer.Write(entity);
 				writer.Flush();
 			}
 
@@ -98,7 +99,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// </returns>
 		protected override IDictionary<string, string> GetUserData(string accessToken) {
 			WindowsLiveUserData graph;
-			var request = WebRequest.Create("https://apis.live.net/v5.0/me?access_token=" + Uri.EscapeDataString(accessToken));
+			var request = WebRequest.Create("https://apis.live.net/v5.0/me?access_token=" + MessagingUtilities.EscapeUriDataStringRfc3986(accessToken));
 			using (var response = request.GetResponse()) {
 				using (var responseStream = response.GetResponseStream()) {
 					graph = JsonHelper.Deserialize<WindowsLiveUserData>(responseStream);
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index 1305620..fbf6b4f 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -1248,7 +1248,7 @@ namespace DotNetOpenAuth.Messaging {
 			Requires.NotNull(args, "args");
 			Contract.Ensures(Contract.Result<string>() != null);
 
-			if (args.Count() == 0) {
+			if (!args.Any()) {
 				return string.Empty;
 			}
 			StringBuilder sb = new StringBuilder(args.Count() * 10);