mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Check both $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] for HTTP Basic authentication headers
parent
2742f46b79
commit
46e61b3448
@ -50,9 +50,19 @@ class BasicAuth {
|
||||
$isRunningTests = (class_exists('SapphireTest', false) && SapphireTest::is_running_test());
|
||||
if(!Security::database_is_ready() || (Director::is_cli() && !$isRunningTests)) return true;
|
||||
|
||||
/*
|
||||
* Enable HTTP Basic authentication workaround for PHP running in CGI mode with Apache
|
||||
* Depending on server configuration the auth header may be in HTTP_AUTHORIZATION or
|
||||
* REDIRECT_HTTP_AUTHORIZATION
|
||||
*
|
||||
* The follow rewrite rule must be in the sites .htaccess file to enable this workaround
|
||||
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
*/
|
||||
$authHeader = (isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] :
|
||||
(isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : null));
|
||||
$matches = array();
|
||||
if (isset($_SERVER['HTTP_AUTHORIZATION']) &&
|
||||
preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
|
||||
if ($authHeader &&
|
||||
preg_match('/Basic\s+(.*)$/i', $authHeader, $matches)) {
|
||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||
|
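Review bot: The new `$authHeader` lookup tests with `isset()`, so an `HTTP_AUTHORIZATION` that is set but empty wins and `REDIRECT_HTTP_AUTHORIZATION` is never consulted. The documented `RewriteRule` may produce exactly that when it copies a missing header, so a non-empty test is safer: `$authHeader = !empty($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : (!empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : null);`. The decoded value then reaches the unchanged `explode(':', ...)` call, which has no limit, so a password containing a colon is truncated and a value with no colon leaves `$password` unset. Changing it to `explode(':', base64_decode($matches[1]), 2)` and checking that two parts came back before assigning `PHP_AUTH_USER` and `PHP_AUTH_PW` would cover both cases. The enclosing method starts and ends outside this hunk.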