oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00
Code Wiki Activity

fix security bug with PHP_AUTH_USER

Browse source
This commit is contained in:
Thomas Citharel 2015-07-28 15:41:21 +02:00
parent 2098509cb2
commit a506f5b348
2 changed files with 1 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

9
inc/poche/Routing.class.php
View file

@ -75,15 +75,6 @@ class Routing
} elseif (ALLOW_REGISTER && isset($_GET['register'])){
$this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser'], $_POST['newuseremail']);
Tools::redirect();
} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
if($this->wallabag->store->userExists($_SERVER['PHP_AUTH_USER'])) {
$this->wallabag->login($this->referer);
} else {
$this->wallabag->messages->add('e', _('login failed: user doesn\'t exist'));
Tools::logm('user doesn\'t exist');
$tplFile = Tools::getTplFile('login');
$tplVars['http_auth'] = 1;
}
} elseif(isset($_SERVER['REMOTE_USER'])) {
if($this->wallabag->store->userExists($_SERVER['REMOTE_USER'])) {
$this->wallabag->login($this->referer);