diff options
| author | Thomas Citharel <tcit@tcit.fr> | 2015-07-30 12:14:55 +0200 |
|---|---|---|
| committer | Thomas Citharel <tcit@tcit.fr> | 2015-07-30 12:14:55 +0200 |
| commit | 392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97 (patch) | |
| tree | 2c912f4dfb752ad726d21731a1a369d54871c7cc /inc/poche/Poche.class.php | |
| parent | ef16095d626dd5c7fe74db86327452b4fac83e5f (diff) | |
| parent | a506f5b3481c00949db7bf72903f272a6b8c2954 (diff) | |
| download | wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.gz wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.zst wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.zip | |
Merge pull request #1252 from wallabag/securityfix
fix security bug with PHP_AUTH_USER
Diffstat (limited to 'inc/poche/Poche.class.php')
| -rwxr-xr-x | inc/poche/Poche.class.php | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index ea196ce2..9014f455 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
| @@ -448,7 +448,7 @@ class Poche | |||
| 448 | $themes = $this->tpl->getInstalledThemes(); | 448 | $themes = $this->tpl->getInstalledThemes(); |
| 449 | $languages = $this->language->getInstalledLanguages(); | 449 | $languages = $this->language->getInstalledLanguages(); |
| 450 | $token = $this->user->getConfigValue('token'); | 450 | $token = $this->user->getConfigValue('token'); |
| 451 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false; | 451 | $http_auth = isset($_SERVER['REMOTE_USER']); |
| 452 | $only_user = ($this->store->listUsers() > 1) ? false : true; | 452 | $only_user = ($this->store->listUsers() > 1) ? false : true; |
| 453 | $https = substr(Tools::getPocheUrl(), 0, 5) == 'https'; | 453 | $https = substr(Tools::getPocheUrl(), 0, 5) == 'https'; |
| 454 | $tpl_vars = array( | 454 | $tpl_vars = array( |
| @@ -655,9 +655,6 @@ class Poche | |||
| 655 | */ | 655 | */ |
| 656 | private function credentials() | 656 | private function credentials() |
| 657 | { | 657 | { |
| 658 | if (isset($_SERVER['PHP_AUTH_USER'])) { | ||
| 659 | return array($_SERVER['PHP_AUTH_USER'], 'php_auth', true); | ||
| 660 | } | ||
| 661 | if (!empty($_POST['login']) && !empty($_POST['password'])) { | 658 | if (!empty($_POST['login']) && !empty($_POST['password'])) { |
| 662 | return array($_POST['login'], $_POST['password'], false); | 659 | return array($_POST['login'], $_POST['password'], false); |
| 663 | } | 660 | } |