From 5f743579638dc26f4ca5ea2b45fb5e45de267471 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 15 Jul 2013 11:06:45 +0000 Subject: [PATCH] * WebDAV/CalDAV/CardDAV: fixed basic authentication via redirect-rule to use $_SERVER["REDIRECT_HTTP_AUTHORIZATION"] as it is used by newer Apache versions --- phpgwapi/inc/class.egw_digest_auth.inc.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/phpgwapi/inc/class.egw_digest_auth.inc.php b/phpgwapi/inc/class.egw_digest_auth.inc.php index 6b961350b2..193cc71427 100644 --- a/phpgwapi/inc/class.egw_digest_auth.inc.php +++ b/phpgwapi/inc/class.egw_digest_auth.inc.php @@ -8,6 +8,7 @@ * RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] * * Otherwise authentication request will be send over and over again, as password is NOT available to PHP! + * (This makes authentication details available in PHP as $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] * * @link http://www.egroupware.org * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License @@ -80,9 +81,9 @@ class egw_digest_auth $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; // Support for basic auth when using PHP CGI (what about digest auth?) - if (!isset($username) && !empty($_SERVER['Authorization']) && strpos($_SERVER['Authorization'],'Basic ') === 0) + if (!isset($username) && !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'],'Basic ') === 0) { - $hash = base64_decode(substr($_SERVER['Authorization'],6)); + $hash = base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'],6)); if (strpos($hash, ':') !== false) { list($username, $password) = explode(':', $hash, 2);