Skip to content
Permalink
Browse files

BasicAuthenticate - added check to avoid parsing if "Authorization: B…

…earer <token>" is in place
  • Loading branch information...
nicolabeghin committed Mar 15, 2017
1 parent f5795f0 commit a15c5c7a70bc742a5ba612084619706c5cc6128b
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
@@ -83,7 +83,7 @@ public function authenticate(CakeRequest $request, CakeResponse $response) {
*/
public function getUser(CakeRequest $request) {
if(!isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0)) {
if (isset($_SERVER['HTTP_AUTHORIZATION']) && strlen($_SERVER['HTTP_AUTHORIZATION']) > 0 && strpos($_SERVER['HTTP_AUTHORIZATION'], 'basic') !== false) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
if(strlen($_SERVER['PHP_AUTH_USER']) === 0 || strlen($_SERVER['PHP_AUTH_PW']) === 0) {
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);

0 comments on commit a15c5c7

Please sign in to comment.
You can’t perform that action at this time.