diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-09-25 19:57:40 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-09-25 19:57:40 +0200 |
| commit | c4fc291fa78ba620900dfd6106fc8528473f2a54 (patch) | |
| tree | e8d303819baad884ca34cbb1d3673b7dbd35c45e /lib | |
| parent | 7b8c7aaf0d851823f8b602fa875bea9d2f701c2d (diff) | |
| download | nextcloud-server-c4fc291fa78ba620900dfd6106fc8528473f2a54.tar.gz nextcloud-server-c4fc291fa78ba620900dfd6106fc8528473f2a54.zip | |
Passwords containing a ":" don't work with this explode
Thanks to mETz
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/base.php b/lib/base.php index 6b4dd789b2f..f6afc8fe2fe 100644 --- a/lib/base.php +++ b/lib/base.php @@ -303,14 +303,14 @@ class OC{ //set http auth headers for apache+php-cgi work around if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1])); + list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } //set http auth headers for apache+php-cgi work around if variable gets renamed by apache if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1])); + list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } |