Fix casing issues with Authorization header.

We need to check the upper case versions of headers in $_SERVER.
Also fix lint issues.
This commit is contained in:
mark_story 2016-08-09 22:06:49 -04:00
parent 345375b6b6
commit 20a2af8c16
2 changed files with 8 additions and 7 deletions

View file

@ -748,12 +748,13 @@ class CakeRequest implements ArrayAccess {
* @return mixed Either false on no header being set or the value of the header.
*/
public static function header($name) {
$http_name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
if (isset($_SERVER[$http_name])) {
return $_SERVER[$http_name];
$name = strtoupper(str_replace('-', '_', $name));
$httpName = 'HTTP_' . $name;
if (isset($_SERVER[$httpName])) {
return $_SERVER[$httpName];
}
// Work around Apache issue handling the "Authorization" header
// differently than other headers.
// Work around Apache issues where 'Authorization' is not
// passed to PHP.
if (isset($_SERVER[$name])) {
return $_SERVER[$name];
}

View file

@ -1147,13 +1147,13 @@ class CakeRequestTest extends CakeTestCase {
$_SERVER['HTTP_X_THING'] = '';
$_SERVER['HTTP_HOST'] = 'localhost';
$_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-ca) AppleWebKit/534.8+ (KHTML, like Gecko) Version/5.0 Safari/533.16';
$_SERVER['ThatOneHeader'] = 'foobar';
$_SERVER['AUTHORIZATION'] = 'foobar';
$request = new CakeRequest('/', false);
$this->assertEquals($_SERVER['HTTP_HOST'], $request->header('host'));
$this->assertEquals($_SERVER['HTTP_USER_AGENT'], $request->header('User-Agent'));
$this->assertSame('', $request->header('X-thing'));
$this->assertEquals($_SERVER['ThatOneHeader'], $request->header('ThatOneHeader'));
$this->assertEquals($_SERVER['AUTHORIZATION'], $request->header('Authorization'));
}
/**