From a506f5b3481c00949db7bf72903f272a6b8c2954 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Tue, 28 Jul 2015 15:41:21 +0200
Subject: fix security bug with PHP_AUTH_USER

---
 inc/poche/Poche.class.php | 5 +----
 inc/poche/Routing.class.php | 9 ---------
 2 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index ea196ce2..9014f455 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -448,7 +448,7 @@ class Poche
 $themes = $this->tpl->getInstalledThemes();
 $languages = $this->language->getInstalledLanguages();
 $token = $this->user->getConfigValue('token');
- $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
+ $http_auth = isset($_SERVER['REMOTE_USER']);
 $only_user = ($this->store->listUsers() > 1) ? false : true;
 $https = substr(Tools::getPocheUrl(), 0, 5) == 'https';
 $tpl_vars = array(
@@ -655,9 +655,6 @@ class Poche
 */
 private function credentials()
 {
- if (isset($_SERVER['PHP_AUTH_USER'])) {
- return array($_SERVER['PHP_AUTH_USER'], 'php_auth', true);
- }
 if (!empty($_POST['login']) && !empty($_POST['password'])) {
 return array($_POST['login'], $_POST['password'], false);
 }
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
index 33a81435..fb37a838 100755
--- a/inc/poche/Routing.class.php
+++ b/inc/poche/Routing.class.php
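Review bot: The reason for dropping the PHP_AUTH_USER branch is not recorded anywhere in credentials(), which makes it easy for a later contributor to reinstate; a comment at the top of the function body should state it, e.g. `// PHP_AUTH_USER is filled from the client's own Authorization header and must never be treated as authenticated; only REMOTE_USER, which the web server sets after performing its own authentication, may return the tuple whose third element is true.` The function's docblock and the rest of its body, presumably including the REMOTE_USER branch, lie outside the hunk. The same comment belongs on the surviving `} elseif(isset($_SERVER['REMOTE_USER'])) {` branch in the Routing.class.php hunk, where the removed block was a near-duplicate of it. The remaining trust in REMOTE_USER holds only when the server's auth module sets that variable rather than a value derived from a request header, which is a deployment assumption worth stating alongside the comment.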
@@ -75,15 +75,6 @@ class Routing
 } elseif (ALLOW_REGISTER && isset($_GET['register'])){
 $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);
 Tools::redirect();
- } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
- if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
- $this->wallabag->login($this->referer);
- } else {
- $this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
- Tools::logm('user doesn\'t exist');
- $tplFile = Tools::getTplFile('login');
- $tplVars['http_auth'] = 1;
- }
 } elseif(isset($_SERVER['REMOTE_USER'])) {
 if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
 $this->wallabag->login($this->referer);
-- 
cgit v1.2.3