From b1ef984526f462a2c2132ab34a039490bceeb836 Mon Sep 17 00:00:00 2001
From: Nils Adermann
Date: Sat, 12 Aug 2006 01:58:58 +0000
Subject: - auto sync attachment topic flag [Bug #2949] - corrected paths for templates stored in the db and filenames displayed in the template editor [Bug #3662] - removed some useless language strings [Bug #3648] - corrected escaping of usernames and passwords in auth modules [Bug #3696], added ldap_escape
git-svn-id: file:///svn/phpbb/trunk@6266 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/auth/auth_apache.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'phpBB/includes/auth/auth_apache.php')
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 8556fb5707..3ee0f1347f 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -121,6 +121,9 @@ function autologin_apache()
 if (!empty($php_auth_user) && !empty($php_auth_pw))
 {
+ set_var($php_auth_user, $php_auth_user, 'string');
+ set_var($php_auth_pw, $php_auth_pw, 'string');
+
 $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@@ -190,7 +193,15 @@ function user_row_apache($username, $password)
 */
 function validate_session_apache(&$user)
 {
- return (isset($_SERVER['PHP_AUTH_USER']) && ($_SERVER['PHP_AUTH_USER'] === $user['username'])) ? true : false;
+ if (!isset($_SERVER['PHP_AUTH_USER']))
+ {
+ return false;
+ }
+
+ $php_auth_user = '';
+ set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
+
+ return ($php_auth_user === $user['username']) ? true : false;
 }
 ?>
\ No newline at end of file
-- 
cgit v1.2.1
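Review bot: In autologin_apache() the `!empty()` test runs on the raw header values, and the two added `set_var()` calls normalise them only afterwards, inside the `if`. If `set_var(..., 'string')` trims or otherwise shortens its input (its definition is not in this diff, so this is an assumption to confirm), a whitespace-only user name or password passes the guard and then reaches the `SELECT` and the code after it as an empty string. Moving `set_var($php_auth_user, $php_auth_user, 'string');` and `set_var($php_auth_pw, $php_auth_pw, 'string');` above the `if` would make the guard test the values that are actually used. The function starts and ends outside the hunk, so what happens to an empty name after the query cannot be checked from here.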
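Review bot: In validate_session_apache() the strict `===` is only correct while `$user['username']` is stored in exactly the form `set_var(..., 'string')` produces, and nothing in the function records that dependency. A mismatch fails closed (the function returns false), but a comment above the call, e.g. `// normalise the header value the same way autologin_apache() does before comparing it with the stored name`, would keep a later edit from changing one side only. The trailing `? true : false` is redundant on a `===` result; `return ($php_auth_user === $user['username']);` is enough. The function's docblock begins outside the hunk.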