mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Deduplicate user/password extraction from alternative HTTP headers.

This commit is contained in:
Andreas Fischer 2014-07-19 02:06:37 +02:00
parent 038ba1d05d
commit fafed17c60
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/base.php
View File

@ -477,22 +477,20 @@ class OC {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
} }
//set http auth headers for apache+php-cgi work around // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
if (isset($_SERVER['HTTP_AUTHORIZATION']) $httpAuthHeaderServerVars = array(
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches) 'HTTP_AUTHORIZATION', // apache+php-cgi work around
'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
);
foreach ($httpAuthHeaderServerVars as $httpAuthHeaderServerVar) {
if (isset($_SERVER[$httpAuthHeaderServerVar])
&& preg_match('/Basic\s+(.*)$/i', $_SERVER[$httpAuthHeaderServerVar], $matches)
) { ) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2); list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password); $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
break;
} }
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)
) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
} }
self::initPaths(); self::initPaths();