fix security bug with PHP_AUTH_USER

Thomas Citharel
2015-07-28 15:41:21 +02:00
parent 2098509cb2
commit a506f5b348
2 changed files with 1 additions and 13 deletions


@ -448,7 +448,7 @@ class Poche
$themes = $this->tpl->getInstalledThemes();
$languages = $this->language->getInstalledLanguages();
$token = $this->user->getConfigValue('token');
$http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
$http_auth = isset($_SERVER['REMOTE_USER']);
$only_user = ($this->store->listUsers() > 1) ? false : true;
$https = substr(Tools::getPocheUrl(), 0, 5) == 'https';
$tpl_vars = array(
@ -655,9 +655,6 @@ class Poche
*/
private function credentials()
{
if (isset($_SERVER['PHP_AUTH_USER'])) {
return array($_SERVER['PHP_AUTH_USER'], 'php_auth', true);
}
if (!empty($_POST['login']) && !empty($_POST['password'])) {
return array($_POST['login'], $_POST['password'], false);
}
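Review bot: Neither the new `$http_auth = isset($_SERVER['REMOTE_USER']);` line nor the top of `credentials()` records why `PHP_AUTH_USER` is no longer accepted, so a later cleanup could reintroduce the branch. A short comment at both places would prevent that, e.g. `// PHP_AUTH_USER is parsed from the request's Authorization header and proves nothing by itself; only a server-set REMOTE_USER is trusted`. The docblock that closes just above `credentials()` starts outside the hunk and may still describe the removed branch, so it is worth checking. `REMOTE_USER` is still treated as proof of authentication, which holds only where the web server actually enforces authentication for this application; that deployment assumption deserves a line in the installation notes. The rest of `credentials()` lies outside the visible lines, so any remaining `REMOTE_USER` handling there could not be reviewed.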