aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/poche/Routing.class.php
diff options
context:
space:
mode:
authorThomas Citharel <tcit@tcit.fr>2015-07-28 15:41:21 +0200
committerThomas Citharel <tcit@tcit.fr>2015-07-28 15:41:21 +0200
commita506f5b3481c00949db7bf72903f272a6b8c2954 (patch)
tree26f386eb3472cf51652378aed5a078aaba175f2c /inc/poche/Routing.class.php
parent2098509cb2ea986816e2acd5685c749dc9f02571 (diff)
downloadwallabag-a506f5b3481c00949db7bf72903f272a6b8c2954.tar.gz
wallabag-a506f5b3481c00949db7bf72903f272a6b8c2954.tar.zst
wallabag-a506f5b3481c00949db7bf72903f272a6b8c2954.zip
fix security bug with PHP_AUTH_USER
Diffstat (limited to 'inc/poche/Routing.class.php')
-rwxr-xr-xinc/poche/Routing.class.php9
1 files changed, 0 insertions, 9 deletions
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
index 33a81435..fb37a838 100755
--- a/inc/poche/Routing.class.php
+++ b/inc/poche/Routing.class.php
@@ -75,15 +75,6 @@ class Routing
75 } elseif (ALLOW_REGISTER && isset($_GET['register'])){ 75 } elseif (ALLOW_REGISTER && isset($_GET['register'])){
76 $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']); 76 $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);
77 Tools::redirect(); 77 Tools::redirect();
78 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
79 if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
80 $this->wallabag->login($this->referer);
81 } else {
82 $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
83 Tools::logm('user doesn\'t exist');
84 $tplFile = Tools::getTplFile('login');
85 $tplVars['http_auth'] = 1;
86 }
87 } elseif(isset($_SERVER['REMOTE_USER'])) { 78 } elseif(isset($_SERVER['REMOTE_USER'])) {
88 if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) { 79 if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
89 $this->wallabag->login($this->referer); 80 $this->wallabag->login($this->referer);