From acc32f5c58fc0ad6daa44ad6774e7664a9cc0fd4 Mon Sep 17 00:00:00 2001
From: Sebastien Barre
Date: Sun, 7 Aug 2016 19:50:23 -0400
Subject: [PATCH 1/3] Work around Apache handling the Authorization: header differently
---
 lib/Cake/Network/CakeRequest.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/Cake/Network/CakeRequest.php b/lib/Cake/Network/CakeRequest.php
index db97a04ea..2669589e4 100644
--- a/lib/Cake/Network/CakeRequest.php
+++ b/lib/Cake/Network/CakeRequest.php
@@ -397,7 +397,7 @@ class CakeRequest implements ArrayAccess {
 /**
 * Get the content type used in this request.
- *
+ *
 * @return string
 */
 public function contentType() {
@@ -748,7 +748,12 @@ class CakeRequest implements ArrayAccess {
 * @return mixed Either false on no header being set or the value of the header.
 */
 public static function header($name) {
- $name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
+ $http_name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
+ if (isset($_SERVER[$http_name])) {
+ return $_SERVER[$http_name];
+ }
+ // Work around Apache issue handling the "Authorization" header
+ // differently than other headers.
 if (isset($_SERVER[$name])) {
 return $_SERVER[$name];
 }
From 345375b6b6afbc381c0c2e79763c4845de7e7561 Mon Sep 17 00:00:00 2001
From: Sebastien Barre
Date: Sun, 7 Aug 2016 23:08:55 -0400
Subject: [PATCH 2/3] add test
---
 lib/Cake/Test/Case/Network/CakeRequestTest.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/Cake/Test/Case/Network/CakeRequestTest.php b/lib/Cake/Test/Case/Network/CakeRequestTest.php
index 418ef6355..ae4294208 100644
--- a/lib/Cake/Test/Case/Network/CakeRequestTest.php
+++ b/lib/Cake/Test/Case/Network/CakeRequestTest.php
@@ -148,7 +148,7 @@ class CakeRequestTest extends CakeTestCase {
 /**
 * Test the content type method.
- *
+ *
 * @return void
 */
 public function testContentType() {
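Review bot: In `CakeRequest::header()` (PATCH 1/3, hunk `@@ -748,7 +748,12`), the fallback `isset($_SERVER[$name])` is not limited to Authorization: whatever name the caller passes is used as a `$_SERVER` key, so `header()` can now return server-set entries such as `REMOTE_ADDR` or `SCRIPT_FILENAME` as though they were request headers. That blurs the line between client-supplied and server-supplied values for every caller, and matters most if a header name is ever taken from request data. The PATCH 3/3 hunk on the same method keeps the unrestricted fallback, only with the name uppercased. Guarding the second lookup with the one name the workaround targets, e.g. `if (strcasecmp($name, 'Authorization') !== 0) { return false; }` placed just before it, would keep the workaround without widening the lookup; the method's tail is outside the hunk, so the final `return false` is assumed from the docblock.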
@@ -1147,11 +1147,13 @@ class CakeRequestTest extends CakeTestCase {
 $_SERVER['HTTP_X_THING'] = '';
 $_SERVER['HTTP_HOST'] = 'localhost';
 $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-ca) AppleWebKit/534.8+ (KHTML, like Gecko) Version/5.0 Safari/533.16';
+ $_SERVER['ThatOneHeader'] = 'foobar';
 $request = new CakeRequest('/', false);
 $this->assertEquals($_SERVER['HTTP_HOST'], $request->header('host'));
 $this->assertEquals($_SERVER['HTTP_USER_AGENT'], $request->header('User-Agent'));
 $this->assertSame('', $request->header('X-thing'));
+ $this->assertEquals($_SERVER['ThatOneHeader'], $request->header('ThatOneHeader'));
 }
 /**
From 20a2af8c1632eaf2aeb980161462940ffc82ba3a Mon Sep 17 00:00:00 2001
From: mark_story
Date: Tue, 9 Aug 2016 22:06:49 -0400
Subject: [PATCH 3/3] Fix casing issues with Authorization header. We need to check the upper case versions of headers in $_SERVER. Also fix lint issues.
---
 lib/Cake/Network/CakeRequest.php | 11 ++++++-----
 lib/Cake/Test/Case/Network/CakeRequestTest.php | 4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/lib/Cake/Network/CakeRequest.php b/lib/Cake/Network/CakeRequest.php
index 2669589e4..fda635e62 100644
--- a/lib/Cake/Network/CakeRequest.php
+++ b/lib/Cake/Network/CakeRequest.php
@@ -748,12 +748,13 @@ class CakeRequest implements ArrayAccess {
 * @return mixed Either false on no header being set or the value of the header.
 */
 public static function header($name) {
- $http_name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
- if (isset($_SERVER[$http_name])) {
- return $_SERVER[$http_name];
+ $name = strtoupper(str_replace('-', '_', $name));
+ $httpName = 'HTTP_' . $name;
+ if (isset($_SERVER[$httpName])) {
+ return $_SERVER[$httpName];
 }
- // Work around Apache issue handling the "Authorization" header
- // differently than other headers.
+ // Work around Apache issues where 'Authorization' is not
+ // passed to PHP.
 if (isset($_SERVER[$name])) {
 return $_SERVER[$name];
 }
diff --git a/lib/Cake/Test/Case/Network/CakeRequestTest.php b/lib/Cake/Test/Case/Network/CakeRequestTest.php
index ae4294208..66bd69fc5 100644
--- a/lib/Cake/Test/Case/Network/CakeRequestTest.php
+++ b/lib/Cake/Test/Case/Network/CakeRequestTest.php
@@ -1147,13 +1147,13 @@ class CakeRequestTest extends CakeTestCase {
 $_SERVER['HTTP_X_THING'] = '';
 $_SERVER['HTTP_HOST'] = 'localhost';
 $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-ca) AppleWebKit/534.8+ (KHTML, like Gecko) Version/5.0 Safari/533.16';
- $_SERVER['ThatOneHeader'] = 'foobar';
+ $_SERVER['AUTHORIZATION'] = 'foobar';
 $request = new CakeRequest('/', false);
 $this->assertEquals($_SERVER['HTTP_HOST'], $request->header('host'));
 $this->assertEquals($_SERVER['HTTP_USER_AGENT'], $request->header('User-Agent'));
 $this->assertSame('', $request->header('X-thing'));
- $this->assertEquals($_SERVER['ThatOneHeader'], $request->header('ThatOneHeader'));
+ $this->assertEquals($_SERVER['AUTHORIZATION'], $request->header('Authorization'));
 }
 /**
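Review bot: The new comment in `header()` (CakeRequest.php, hunk `@@ -748,12 +748,13`) says 'Authorization' "is not passed to PHP", yet the code directly below reads the value from `$_SERVER['AUTHORIZATION']`, so a reader cannot tell where that key is expected to come from. Presumably it is populated by server configuration in setups where Apache withholds `HTTP_AUTHORIZATION`; if that is the intent, the comment should say so, e.g. `// Some Apache setups do not expose Authorization as HTTP_AUTHORIZATION;` followed by `// fall back to the un-prefixed key when the server config provides it.` The docblock's `@return` line, whose start is outside the hunk, could also mention that un-prefixed `$_SERVER` keys are consulted.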
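Review bot: The updated assertion in the last hunk (CakeRequestTest.php, `@@ -1147,13 +1147,13`) covers only the case where `$_SERVER['AUTHORIZATION']` is the sole source of the value; nothing pins that `HTTP_AUTHORIZATION` wins when both keys are present, or that a name matching no header still returns false. A separate test that sets both keys to different values and checks the prefixed one, e.g. `$this->assertEquals($_SERVER['HTTP_AUTHORIZATION'], $request->header('Authorization'));`, would lock the lookup order in. The hunk also leaves `$_SERVER['AUTHORIZATION']` set for later tests unless setUp/tearDown restore `$_SERVER`; those methods and the start of this test method are outside the hunk.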