aboutsummaryrefslogtreecommitdiffstats
path: root/lib/base.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php30
1 files changed, 14 insertions, 16 deletions
diff --git a/lib/base.php b/lib/base.php
index 840d9044711..95e3a30cdee 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -477,22 +477,20 @@ class OC {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
- //set http auth headers for apache+php-cgi work around
- if (isset($_SERVER['HTTP_AUTHORIZATION'])
- && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)
- ) {
- list($name, $password) = explode(':', base64_decode($matches[1]), 2);
- $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
- $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
- }
-
- //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
- if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
- && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)
- ) {
- list($name, $password) = explode(':', base64_decode($matches[1]), 2);
- $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
- $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+ // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
+ $httpAuthHeaderServerVars = array(
+ 'HTTP_AUTHORIZATION', // apache+php-cgi work around
+ 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
+ );
+ foreach ($httpAuthHeaderServerVars as $httpAuthHeaderServerVar) {
+ if (isset($_SERVER[$httpAuthHeaderServerVar])
+ && preg_match('/Basic\s+(.*)$/i', $_SERVER[$httpAuthHeaderServerVar], $matches)
+ ) {
+ list($name, $password) = explode(':', base64_decode($matches[1]), 2);
+ $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+ $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+ break;
+ }
}
self::initPaths();