adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

BasicAuthenticate - added check to avoid parsing if "Authorization: Bearer <token>" is in place

Browse source
This commit is contained in:
Nicola Beghin 2017-03-15 14:08:17 +01:00
parent f5795f05a5
commit a15c5c7a70
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
View file

@ -83,7 +83,7 @@ class BasicAuthenticate extends BaseAuthenticate {
*/ */
public function getUser(CakeRequest $request) { public function getUser(CakeRequest $request) {
if(!isset($_SERVER['PHP_AUTH_USER'])) { if(!isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0)) { if (isset($_SERVER['HTTP_AUTHORIZATION']) && strlen($_SERVER['HTTP_AUTHORIZATION']) > 0 && strpos($_SERVER['HTTP_AUTHORIZATION'], 'basic') !== false) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if(strlen($_SERVER['PHP_AUTH_USER']) === 0 || strlen($_SERVER['PHP_AUTH_PW']) === 0) { if(strlen($_SERVER['PHP_AUTH_USER']) === 0 || strlen($_SERVER['PHP_AUTH_PW']) === 0) {
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);