adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactoring to avoid tampering with $_SERVER

Browse source
This commit is contained in:
Nicola Beghin 2017-03-18 13:34:26 +01:00
parent ff210b04d7
commit ca6ca9376e
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
View file

@ -82,17 +82,17 @@ class BasicAuthenticate extends BaseAuthenticate {
* @return mixed Either false or an array of user information
*/
public function getUser(CakeRequest $request) {
$username = '';
$pass = '';
if (!isset($_SERVER['PHP_AUTH_USER'])) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
} else {
$httpAuthorization = $request->header('Authorization');
if ($httpAuthorization !== false && strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'basic') !== false) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($httpAuthorization, 6)));
if (strlen($_SERVER['PHP_AUTH_USER']) === 0 || strlen($_SERVER['PHP_AUTH_PW']) === 0) {
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)));
}
}
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') {
return false;