Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
-rw-r--r--phpBB/includes/auth/auth_apache.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index ff07936b36..9089703035 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -30,7 +30,7 @@ function init_apache()
{
global $user, $request;
- if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== $request->server('PHP_AUTH_USER'))
+ if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
}
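Review bot: The `htmlspecialchars_decode()` call added to the condition in init_apache() relies on the function's default flags, which differ between PHP versions (ENT_COMPAT before 8.1, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 from 8.1). Whether that default is the exact inverse of the escaping `$request->server()` presumably applies is not visible in this diff, so a quote character in a user name or password could stay escaped on one version and be decoded on another. Passing the flags explicitly, for example `htmlspecialchars_decode($request->server('PHP_AUTH_USER'), ENT_COMPAT)` with whatever flag set the request class escapes with, would pin the behaviour; the same applies to the four calls added in login_apache() and autologin_apache().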
@@ -72,8 +72,8 @@ function login_apache(&$username, &$password)
);
}
- $php_auth_user = $request->server('PHP_AUTH_USER');
- $php_auth_pw = $request->server('PHP_AUTH_PW');
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
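Review bot: After this change `$php_auth_user` and `$php_auth_pw` hold the raw, client-supplied Basic-auth values rather than the escaped form the request class returns, and nothing in the hunk marks that. login_apache() continues outside the hunk, so how the two variables are used is not visible; any query, log line or HTML output further down has to escape them for its own context, and any comparison against a value still held in escaped form will now fail for names containing `&`, `<`, `>` or `"`. A comment above the two assignments such as `// Raw credentials from the web server: decoded on purpose, escape again before SQL or output` would make that explicit. The identical pair of assignments in autologin_apache() needs the same check.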
@@ -143,8 +143,8 @@ function autologin_apache()
return array();
}
- $php_auth_user = $request->server('PHP_AUTH_USER');
- $php_auth_pw = $request->server('PHP_AUTH_PW');
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
@@ -233,7 +233,7 @@ function validate_session_apache(&$user)
// Check if PHP_AUTH_USER is set and handle this case
if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
{
- $php_auth_user = $request->server('PHP_AUTH_USER', '', true);
+ $php_auth_user = $request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}
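Review bot: validate_session_apache() compares `$request->server('PHP_AUTH_USER')` with `$user['username']` without decoding, while init_apache() in the first hunk decodes the same server value before comparing it with `$user->data['username']`. If both user-name fields carry the same encoding, one of the two comparisons will reject a user whose name contains `&`, `<`, `>` or `"`; here that would make the session check return false. Either decode here as well, `$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));`, or add a comment stating that `$user['username']` is held escaped and the undecoded value is intended. The hunk also drops the third argument `true` from the call; its meaning is not visible here, so confirm that non-ASCII user names still compare equal.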