[Pkg-owncloud-commits] [owncloud] 42/73: Passwords containing a ":" don't work with this explode

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.

commit 292d20595d95f634f1683845e237d01bfaa6ebd1
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Tue Sep 25 19:49:42 2012 +0200

    Passwords containing a ":" don't work with this explode
    
    Thanks to mETz
---
 lib/base.php |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 67f8e77..f949e2a 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -351,7 +351,7 @@ class OC{
 		//set http auth headers for apache+php-cgi work around
 		if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches))
 		{
-			list($name, $password) = explode(':', base64_decode($matches[1]));
+			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
 		}
@@ -359,7 +359,7 @@ class OC{
 		//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
 		if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
 		{
-			list($name, $password) = explode(':', base64_decode($matches[1]));
+			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
 		}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git