diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-02-28 10:01:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-28 10:01:44 +0100 |
| commit | 42157337cfb2dae72cb11c589bdb1c2db4d19774 (patch) | |
| tree | 332677341dbd93684174cd9ecd403dd18f1c7b82 | |
| parent | dd5a4c960399e1b13c5f5f78e36439dd36e2e0a4 (diff) | |
| parent | 56efd687abf4551d782114175e0ff2567e16aad2 (diff) | |
| download | nextcloud-server-42157337cfb2dae72cb11c589bdb1c2db4d19774.tar.gz nextcloud-server-42157337cfb2dae72cb11c589bdb1c2db4d19774.zip | |
Merge pull request #19613 from nextcloud/enh/19537/undefined-index-password
Check that username and password are present.
| -rw-r--r-- | lib/base.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/base.php b/lib/base.php index b0991307dda..1d944685654 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1077,10 +1077,12 @@ class OC { ); foreach ($vars as $var) { if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1]), 2); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - break; + $credentials = explode(':', base64_decode($matches[1]), 2); + if (count($credentials) === 2) { + $_SERVER['PHP_AUTH_USER'] = $credentials[0]; + $_SERVER['PHP_AUTH_PW'] = $credentials[1]; + break; + } } } } |