[Pkg-owncloud-commits] [owncloud] 41/70: Deduplicate user/password extraction from alternative HTTP headers.

David Prévot taffit at moszumanska.debian.org
Thu Aug 21 17:40:03 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v6.0.5RC1
in repository owncloud.

commit e8be18a8d871792c95ea9983db392c4cce2ac5b1
Author: Andreas Fischer <bantu at owncloud.com>
Date:   Sat Jul 19 02:06:37 2014 +0200

    Deduplicate user/password extraction from alternative HTTP headers.
---
 lib/base.php | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 3c06cc1..9c2f4c1 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -487,22 +487,20 @@ class OC {
 			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
 		}
 
-		//set http auth headers for apache+php-cgi work around
-		if (isset($_SERVER['HTTP_AUTHORIZATION'])
-			&& preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)
-		) {
-			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
-			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
-			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
-		}
-
-		//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
-		if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
-			&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)
-		) {
-			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
-			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
-			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+		// Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
+		$httpAuthHeaderServerVars = array(
+			'HTTP_AUTHORIZATION', // apache+php-cgi work around
+			'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
+		);
+		foreach ($httpAuthHeaderServerVars as $httpAuthHeaderServerVar) {
+			if (isset($_SERVER[$httpAuthHeaderServerVar])
+				&& preg_match('/Basic\s+(.*)$/i', $_SERVER[$httpAuthHeaderServerVar], $matches)
+			) {
+				list($name, $password) = explode(':', base64_decode($matches[1]), 2);
+				$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+				$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+				break;
+			}
 		}
 
 		self::initPaths();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list