diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-07-22 15:06:23 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-07-22 15:06:23 +0200 |
| commit | 8ed6adaf852b46a427d151cc72fdf74b0c002866 (patch) | |
| tree | ed42d317b9291493803e67a1fadccff76e809c26 | |
| parent | 5565eabb8170cf5ad5c0e38ea2014371d8de4ba5 (diff) | |
| parent | 1c16d012ab34b8965c1b6d558e534a471f40d518 (diff) | |
| download | nextcloud-server-8ed6adaf852b46a427d151cc72fdf74b0c002866.tar.gz nextcloud-server-8ed6adaf852b46a427d151cc72fdf74b0c002866.zip | |
Merge pull request #9738 from owncloud/remove-uneeded-strip
Remove uneeded strip_tags
| -rw-r--r-- | lib/base.php | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/lib/base.php b/lib/base.php index 840d9044711..730cee5231d 100644 --- a/lib/base.php +++ b/lib/base.php @@ -472,28 +472,7 @@ class OC { @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); - //copy http auth headers for apache+php-fcgid work around - if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { - $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; - } - - //set http auth headers for apache+php-cgi work around - if (isset($_SERVER['HTTP_AUTHORIZATION']) - && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches) - ) { - list($name, $password) = explode(':', base64_decode($matches[1]), 2); - $_SERVER['PHP_AUTH_USER'] = strip_tags($name); - $_SERVER['PHP_AUTH_PW'] = strip_tags($password); - } - - //set http auth headers for apache+php-cgi work around if variable gets renamed by apache - if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) - && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches) - ) { - list($name, $password) = explode(':', base64_decode($matches[1]), 2); - $_SERVER['PHP_AUTH_USER'] = strip_tags($name); - $_SERVER['PHP_AUTH_PW'] = strip_tags($password); - } + self::handleAuthHeaders(); self::initPaths(); if (OC_Config::getValue('instanceid', false)) { @@ -814,6 +793,27 @@ class OC { return false; } + protected static function handleAuthHeaders() { + //copy http auth headers for apache+php-fcgid work around + if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; + } + + // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. + $vars = array( + 'HTTP_AUTHORIZATION', // apache+php-cgi work around + 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative + ); + foreach ($vars as $var) { + if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { + list($name, $password) = explode(':', base64_decode($matches[1]), 2); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + break; + } + } + } + protected static function handleLogin() { OC_App::loadApps(array('prelogin')); $error = array(); |