Proxy the BasicAuth authentication header in htaccess_works() so that

if the entire Gallery is behind BasicAuth we share the same credentials as the browser. Fixes #1413.
gallery · Oct 2, 2010 · 161bbb9 · 161bbb9
1 parent 62f1bb0
commit 161bbb9
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
@@ -727,8 +727,18 @@ static function htaccess_works() {
         fclose($fp);
       }
 
-      list ($response) = remote::do_request(url::abs_file("var/security_test/verify"));
-      $works = $response == "HTTP/1.1 200 OK";
+      // Proxy our authorization headers so that if the entire Gallery is covered by Basic Auth
+      // this callback will still work.
+      $headers = array();
+      if (function_exists("apache_request_headers")) {
+        $arh = apache_request_headers();
+        if (!empty($arh["Authorization"])) {
+          $headers["Authorization"] = $arh["Authorization"];
+        }
+      }
+      list ($status, $headers, $body) =
+        remote::do_request(url::abs_file("var/security_test/verify"), "GET", $headers);
+      $works = ($status == "HTTP/1.1 200 OK") && ($body == "success");
     } catch (Exception $e) {
       @dir::unlink(VARPATH . "security_test");
       throw $e;