Diffstat (limited to 'phpBB/includes/auth/auth_apache.php')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 29 | 
1 files changed, 14 insertions, 15 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 391e7abb0e..9089703035 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -28,9 +28,9 @@ if (!defined('IN_PHPBB'))
 */
 function init_apache()
 {
-	global $user;
+	global $user, $request;
-	if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
+	if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
 	{
 		return $user->lang['APACHE_SETUP_BEFORE_USE'];
 	}
@@ -42,7 +42,7 @@ function init_apache()
 */
 function login_apache(&$username, &$password)
 {
-	global $db;
+	global $db, $request;
 	// do not allow empty password
 	if (!$password)
@@ -63,7 +63,7 @@ function login_apache(&$username, &$password)
 		);
 	}
-	if (!isset($_SERVER['PHP_AUTH_USER']))
+	if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
 	{
 		return array(
 			'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
@@ -72,8 +72,8 @@ function login_apache(&$username, &$password)
 		);
 	}
-	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
-	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+	$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+	$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
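Review bot: The comparison added in init_apache() checks `$user->data['username']` against the entity-decoded `PHP_AUTH_USER`, while the new line in validate_session_apache() (the `@@ -228,11 +228,12 @@` hunk) compares `$user['username']` against the undecoded `$request->server('PHP_AUTH_USER')`. Assuming both read the same stored username, one of the two checks cannot match for a name containing `&`, `<`, `>` or `"`, so either the setup check or the session validation rejects that account. The removed `set_var(..., 'string', true)` call suggests usernames are held in escaped form; if that is right, init_apache() should drop the decode: `$user->data['username'] !== $request->server('PHP_AUTH_USER')`. Both function bodies continue outside their hunks.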
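Review bot: `htmlspecialchars_decode($request->server('PHP_AUTH_PW'))` in login_apache() recovers the password only if entity encoding is the sole transformation `server()` applies; any trimming or Unicode normalisation inside the request class (not visible in this diff) would leave `$php_auth_pw` different from the credential the web server accepted. The decode is also called without flags, so it depends on PHP's defaults matching whatever the request class used when escaping. I would record the assumption above the two assignments, e.g. `// server() returns entity-escaped text; decode to recover the credentials as sent - confirm no other normalisation is applied`, and pass the matching flags explicitly. The same two lines are added in autologin_apache() in the `@@ -136,15 +136,15 @@` hunk; both functions continue outside the hunks shown.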
@@ -136,15 +136,15 @@ function login_apache(&$username, &$password)
 */
 function autologin_apache()
 {
-	global $db;
+	global $db, $request;
-	if (!isset($_SERVER['PHP_AUTH_USER']))
+	if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
 	{
 		return array();
 	}
-	$php_auth_user = $_SERVER['PHP_AUTH_USER'];
-	$php_auth_pw = $_SERVER['PHP_AUTH_PW'];
+	$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+	$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
@@ -228,11 +228,12 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
+	global $request;
+
 	// Check if PHP_AUTH_USER is set and handle this case
-	if (isset($_SERVER['PHP_AUTH_USER']))
+	if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
 	{
-		$php_auth_user = '';
-		set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string', true);
+		$php_auth_user = $request->server('PHP_AUTH_USER');
 		return ($php_auth_user === $user['username']) ? true : false;
 	}
@@ -245,5 +246,3 @@ function validate_session_apache(&$user)
 	return false;
 }
-
-?>
\ No newline at end of file  | 
