1, When request method is POST 2, All oauth parameters are set in header 3, customized parameters are set in post body 4, content-type is set to something else. (NOT - application/x-www-form-urlencoded)

since the condition is: if ($http_method == "POST" && isset($request_headers['Content-Type']) && strstr($request_headers['Content-Type'], 'application/x-www-form-urlencoded') )

The requirement does not meet, then customized parameters will not be used when calculate the signature. So, the result is : invalid signature.

For now, I have to remove customized parameters in base string when calculate signature.

I think it's a bug, and need be fixed.