POST data included in signature when content type is "multipart/form-data" about oauth-php HOT 4 OPEN

I see that that behavior was changed at some point, in the code there is a 
comment:

>  Get the body of a POST with multipart/form-data by Edison tsai on 16:52 
2010/09/16

The original code was using a separate signature for the request body, per 
discussion with Eran et al.
See also https://groups.google.com/forum/#!topic/oauth/rNA2R0ZJQCo
And http://www.marcworrell.com/article-3130-en.html

Maybe you can check the reasons behind Edison Tsai's commit?

Thanks for finding the previous discussions: 
https://groups.google.com/forum/#!topic/oauth/rNA2R0ZJQCo
And http://www.marcworrell.com/article-3130-en.html

However they seem to be about allowing extended signing of body content above 
and beyond oauth standard signing. They were implemented in a separate class 
OAuthRequestVerifier.php in the verifyExtended method. These discussions were 
had in April 2008. The check-in from Edison Tsai seems to be unrelated to the 
extended verification.

The check-in looks to be a helpful change from what was there, which just throw 
an exception. There doesn't seem to be a lot of information about the Issue 81 
or commit 165. However it does not conform to the specs.

Would you be happy with some sort of flag that would make the behaviour act as 
it does currently and then apply the change?

Sounds good to me. Maybe the best default behavior is to stick with the specs, 
and an option to switch to Tsai's additions.

Finally found time to create the updated patch.

The flag by default is in-line with the spec.

The backwards compatibility maybe enabled by passing to the OAuthServer options 
parameter:
array (
'sign_body_of_multipart_request' => true
)

Looking at the code this was the cleanest way I could see that fits with the 
coding style/conventions.

Hope this is acceptable