Passwords containing a ":" don't work with this explode
Thanks to mETz
This commit is contained in:
parent
7b8c7aaf0d
commit
c4fc291fa7
|
@ -303,14 +303,14 @@ class OC{
|
||||||
|
|
||||||
//set http auth headers for apache+php-cgi work around
|
//set http auth headers for apache+php-cgi work around
|
||||||
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
|
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
|
||||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
|
||||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||||
}
|
}
|
||||||
|
|
||||||
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
|
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
|
||||||
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
|
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
|
||||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
|
||||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue