authorNils Adermann <naderman@naderman.de>2011-08-18 19:15:00 -0400
committerNils Adermann <naderman@naderman.de>2011-08-18 19:15:00 -0400
commit052e33823b98ec3e51fdb424937e72dd1f33d11f (patch)
tree975749ed51ac43c98940b7dd7b0ed03a9f99d7a6 /phpBB/includes/auth
parentd06dcd69e60bc3e6eafb4a11dfb1639fa4e4646b (diff)
parentb05382d226d2c5d68ff5a483d8885f65e754c90d (diff)
Merge remote-tracking branch 'github-igorw/feature/request-class' into develop
* github-igorw/feature/request-class: [feature/request-class] Fix session_testable_factory [feature/request-class] Adjust code base to do html decoding manually [feature/request-class] Remove $html_encode arg, force manual decoding [feature/request-class] Do not html escape user agent in header_filename [feature/request-class] Make use of the is_secure() method [feature/request-class] Add is_secure method to request for HTTPS [feature/request-class] Make server() use the $html_encode parameter [feature/request-class] Remove useless condition [feature/request-class] Minor spacing CS adjustments [feature/request-class] Add server(), header() and is_ajax() to request
Diffstat (limited to 'phpBB/includes/auth')
-rw-r--r--phpBB/includes/auth/auth_apache.php27
1 files changed, 14 insertions, 13 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index a148403c6f..9089703035 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -28,9 +28,9 @@ if (!defined('IN_PHPBB'))
*/
function init_apache()
{
- global $user;
+ global $user, $request;
- if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
+ if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
}
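Review bot: The header value is decoded with `htmlspecialchars_decode()` before it is compared with `$user->data['username']` here, while `validate_session_apache()` in the last hunk compares the undecoded `$request->server('PHP_AUTH_USER')` with `$user['username']`. For a name containing `&`, `<`, `>` or `"` both comparisons can only succeed if the two username fields are stored in different forms, which the diff does not show. A one-line comment at each comparison stating the stored form, for example `// stored username is raw, so decode the filtered header value first`, would make the intent checkable. If the stored form turns out to be the same in both places, one of the two comparisons needs to change. The body of init_apache() continues outside the hunk.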
@@ -42,7 +42,7 @@ function init_apache()
*/
function login_apache(&$username, &$password)
{
- global $db;
+ global $db, $request;
// do not allow empty password
if (!$password)
@@ -63,7 +63,7 @@ function login_apache(&$username, &$password)
);
}
- if (!isset($_SERVER['PHP_AUTH_USER']))
+ if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
@@ -72,8 +72,8 @@ function login_apache(&$username, &$password)
);
}
- $php_auth_user = $_SERVER['PHP_AUTH_USER'];
- $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
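Review bot: `$php_auth_pw` is now the password after a pass through the request class's filtering and `htmlspecialchars_decode()`, not the bytes the web server supplied. The decode undoes entity escaping, but any other step `server()` may apply (trimming, newline or character-set normalisation; not visible on this page) is not undone, so a password with leading or trailing whitespace or unusual bytes could stop matching. The same two lines appear in autologin_apache() in the next hunk. I would add a comment such as `// must equal the raw header value; any server() filtering besides escaping changes the credential`, plus a test that passes such passwords through both functions. The `if` block opened on the last line of the hunk continues outside it.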
@@ -136,15 +136,15 @@ function login_apache(&$username, &$password)
*/
function autologin_apache()
{
- global $db;
+ global $db, $request;
- if (!isset($_SERVER['PHP_AUTH_USER']))
+ if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
return array();
}
- $php_auth_user = $_SERVER['PHP_AUTH_USER'];
- $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
@@ -228,11 +228,12 @@ function user_row_apache($username, $password)
*/
function validate_session_apache(&$user)
{
+ global $request;
+
// Check if PHP_AUTH_USER is set and handle this case
- if (isset($_SERVER['PHP_AUTH_USER']))
+ if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
- $php_auth_user = '';
- set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
+ $php_auth_user = $request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}
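Review bot: The removed `set_var()` call passed an explicit multibyte flag (`'string', true`), and the replacement `$request->server('PHP_AUTH_USER')` carries no equivalent argument. If `server()` does not handle the value as multibyte by default, which this page does not show, a non-ASCII username would be filtered differently than before and the session check would fail for that user. Once confirmed, a short comment such as `// server() returns the escaped, multibyte-safe value, matching the old set_var(..., 'string', true)` would record the assumption. The function continues past the end of the hunk.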