[geeklog-cvs] geeklog: Filter username in webservices authentication

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Mon Apr 13 12:05:18 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5d4ce27e033e
changeset: 6941:5d4ce27e033e
user:      Dirk Haun <dirk at haun-online.de>
date:      Mon Apr 13 15:20:33 2009 +0200
description:
Filter username in webservices authentication

diffstat:

1 file changed, 3 insertions(+), 2 deletions(-)
system/lib-webservices.php |    5 +++--

diffs (29 lines):

diff -r 0bea4f397e63 -r 5d4ce27e033e system/lib-webservices.php
--- a/system/lib-webservices.php	Sun Apr 12 09:30:19 2009 +0200
+++ b/system/lib-webservices.php	Mon Apr 13 15:20:33 2009 +0200
@@ -782,7 +782,7 @@
     $status = -1;
 
     if (isset($_SERVER['PHP_AUTH_USER'])) {
-        $username = $_SERVER['PHP_AUTH_USER'];
+        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
         $password = $_SERVER['PHP_AUTH_PW'];
 
         if ($WS_VERBOSE) {
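Review bot: Assigning the filtered value to `$username` means a submitted name containing characters the filter strips is silently rewritten instead of refused, so two different inputs can end up authenticating as the same account name. For a credential it is safer to compare and reject, e.g. `if ($username !== $_SERVER['PHP_AUTH_USER']) { /* treat as a failed login, leave $status at -1 */ }`. The same applies to the `Username` branch in the second hunk and the `REMOTE_USER` path in the third. COM_applyBasicFilter is a general input filter, so if `$username` reaches a SQL query further down (not visible here) it still needs escaping at the query itself. The enclosing function starts and ends outside this hunk.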
@@ -815,7 +815,7 @@
             $key = trim($key);
             $val = trim($val, "\x22\x27");
             if ($key == 'Username') {
-                $username = $val;
+                $username = COM_applyBasicFilter($val);
             } elseif ($key == 'PasswordDigest') {
                 $pwdigest = $val;
             } elseif ($key == 'Created') {
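Review bot: Only the `Username` value is filtered in this parsing chain; `PasswordDigest` and `Created` are still assigned straight from the header after `trim($val, "\x22\x27")`. If either is later logged or used in a query (the rest of the loop is outside the hunk), it deserves validation by format, which in WSSE would be base64 for the digest and a timestamp for `Created`. A comment above the chain such as `// WSSE header fields are client-controlled; validate each before use` would record the intent.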
@@ -858,6 +858,7 @@
 
         list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
         list($username, $password) = explode(':', base64_decode($auth_data));
+        $username = COM_applyBasicFilter($username);
 
         if ($WS_VERBOSE) {
             COM_errorLog("WS: Attempting to log in user '$username' (via \$_SERVER['REMOTE_USER'])");
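Review bot: `explode(':', base64_decode($auth_data))` has no limit, so a password that itself contains a colon is split and `list()` keeps only the part before the second colon; `explode(':', base64_decode($auth_data), 2)` preserves the whole password. Both `list()` assignments also assume well-formed input: a `REMOTE_USER` value without a space, or decoded data without a colon, leaves `$auth_data` or `$password` unset and raises a notice. Checking the element counts before the added filter call would make the malformed case an explicit authentication failure. The enclosing block starts before this hunk and continues after it.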


