[geeklog-cvs] geeklog: Filter username in webservices authentication
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Apr 13 12:08:24 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/8e5d4241718e
changeset: 6944:8e5d4241718e
user: Dirk Haun <dirk at haun-online.de>
date: Mon Apr 13 15:20:33 2009 +0200
description:
Filter username in webservices authentication
diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
system/lib-webservices.php | 5 +++--
diffs (29 lines):
diff -r e585b2e59749 -r 8e5d4241718e system/lib-webservices.php
--- a/system/lib-webservices.php Mon Apr 13 11:52:14 2009 +0200
+++ b/system/lib-webservices.php Mon Apr 13 15:20:33 2009 +0200
@@ -790,7 +790,7 @@
$status = -1;
if (isset($_SERVER['PHP_AUTH_USER'])) {
- $username = $_SERVER['PHP_AUTH_USER'];
+ $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
$password = $_SERVER['PHP_AUTH_PW'];
if ($WS_VERBOSE) {
@@ -823,7 +823,7 @@
$key = trim($key);
$val = trim($val, "\x22\x27");
if ($key == 'Username') {
- $username = $val;
+ $username = COM_applyBasicFilter($val);
} elseif ($key == 'PasswordDigest') {
$pwdigest = $val;
} elseif ($key == 'Created') {
@@ -866,6 +866,7 @@
list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
list($username, $password) = explode(':', base64_decode($auth_data));
+ $username = COM_applyBasicFilter($username);
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '$username' (via \$_SERVER['REMOTE_USER'])");
More information about the geeklog-cvs
mailing list