Merge pull request #1252 from wallabag/securityfix

fix security bug with PHP_AUTH_USER
author: Thomas Citharel <tcit@tcit.fr> 2015-07-30 12:14:55 +0200
committer: Thomas Citharel <tcit@tcit.fr> 2015-07-30 12:14:55 +0200
commit: 392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97 (patch)
tree: 2c912f4dfb752ad726d21731a1a369d54871c7cc /inc/poche/Routing.class.php
parent: ef16095d626dd5c7fe74db86327452b4fac83e5f (diff)
parent: a506f5b3481c00949db7bf72903f272a6b8c2954 (diff)
download: wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.gz
wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.zst
wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.zip
1 files changed, 0 insertions, 9 deletions
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
index 33a81435..fb37a838 100755
--- a/inc/poche/Routing.class.php
+++ b/inc/poche/Routing.class.php
@@ -75,15 +75,6 @@ class Routing
        } elseif (ALLOW_REGISTER && isset($_GET['register'])){
            $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);
            Tools::redirect();
-        } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
-            if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
-                $this->wallabag->login($this->referer);
-            } else {
-                $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
-                Tools::logm('user doesn\'t exist');
-                $tplFile = Tools::getTplFile('login');
-                $tplVars['http_auth'] = 1;
-            }
        } elseif(isset($_SERVER['REMOTE_USER'])) {
            if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
                $this->wallabag->login($this->referer);
author	Thomas Citharel <tcit@tcit.fr>	2015-07-30 12:14:55 +0200
committer	Thomas Citharel <tcit@tcit.fr>	2015-07-30 12:14:55 +0200
commit	392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97 (patch)
tree	2c912f4dfb752ad726d21731a1a369d54871c7cc /inc/poche/Routing.class.php
parent	ef16095d626dd5c7fe74db86327452b4fac83e5f (diff)
parent	a506f5b3481c00949db7bf72903f272a6b8c2954 (diff)
download	wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.gz wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.tar.zst wallabag-392a37e56a17ef2cc1e1bc02fe9991a56c5a0a97.zip

diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index 33a81435..fb37a838 100755 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php
@@ -75,15 +75,6 @@ class Routing
75	} elseif (ALLOW_REGISTER && isset($_GET['register'])){	75	} elseif (ALLOW_REGISTER && isset($_GET['register'])){
76	$this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);	76	$this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);
77	Tools::redirect();	77	Tools::redirect();
78	} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
79	if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
80	$this->wallabag->login($this->referer);
81	} else {
82	$this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
83	Tools::logm('user doesn\'t exist');
84	$tplFile = Tools::getTplFile('login');
85	$tplVars['http_auth'] = 1;
86	}
87	} elseif(isset($_SERVER['REMOTE_USER'])) {	78	} elseif(isset($_SERVER['REMOTE_USER'])) {
88	if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {	79	if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
89	$this->wallabag->login($this->referer);	80	$this->wallabag->login($this->referer);