diff options
| author | Igor Wiedler <igor@wiedler.ch> | 2011-08-18 23:38:39 +0200 |
|---|---|---|
| committer | Igor Wiedler <igor@wiedler.ch> | 2011-08-18 23:44:30 +0200 |
| commit | c5cef773c4811d2041c56a9c34da94a30f8190e1 (patch) | |
| tree | d3286beea76cbb7edc85732f6ccb2c4ea9fb4245 /phpBB/includes/auth/auth_apache.php | |
| parent | fd08cd8dd013c0d1bf8e18611f798c6987d9de9c (diff) | |
| download | forums-c5cef773c4811d2041c56a9c34da94a30f8190e1.tar forums-c5cef773c4811d2041c56a9c34da94a30f8190e1.tar.gz forums-c5cef773c4811d2041c56a9c34da94a30f8190e1.tar.bz2 forums-c5cef773c4811d2041c56a9c34da94a30f8190e1.tar.xz forums-c5cef773c4811d2041c56a9c34da94a30f8190e1.zip | |
[feature/request-class] Adjust code base to do html decoding manually
PHPBB3-9716
Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index ff07936b36..9089703035 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -30,7 +30,7 @@ function init_apache() { global $user, $request; - if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== $request->server('PHP_AUTH_USER')) + if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER'))) { return $user->lang['APACHE_SETUP_BEFORE_USE']; } @@ -72,8 +72,8 @@ function login_apache(&$username, &$password) ); } - $php_auth_user = $request->server('PHP_AUTH_USER'); - $php_auth_pw = $request->server('PHP_AUTH_PW'); + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { @@ -143,8 +143,8 @@ function autologin_apache() return array(); } - $php_auth_user = $request->server('PHP_AUTH_USER'); - $php_auth_pw = $request->server('PHP_AUTH_PW'); + $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER')); + $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW')); if (!empty($php_auth_user) && !empty($php_auth_pw)) { @@ -233,7 +233,7 @@ function validate_session_apache(&$user) // Check if PHP_AUTH_USER is set and handle this case if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER)) { - $php_auth_user = $request->server('PHP_AUTH_USER', '', true); + $php_auth_user = $request->server('PHP_AUTH_USER'); return ($php_auth_user === $user['username']) ? true : false; } |