What steps will reproduce the problem? 1. Use oauth-php as the server end-point library 2. Make a call with a space character in one of the parameters (which gets form encoded to a "+") 3. see that the verification fails due to the base signature string containing the %2B rather than the %20 for space

revision 102 (committed with comment Oauth 1.0a compatibility) changed this (which works for this case):

return $this->urlencode(urldecode($s));

to be:

return $this->urlencode(rawurldecode($s));

which doesn't change the + at all as the comment on the method suggests it should.

I stumbled into the same issue. Wondered why the change in the code had been made.

Probably removing the transcode function call from the end of the constructor would fix this as well? (Did not try, I made the same change as above.)