
refactoring to avoid tampering with $_SERVER

nicolabeghin committed Mar 18, 2017
1 parent ff210b0 commit ca6ca9376ed9a66a100339bd60595eb8efcf68d2
Showing with 6 additions and 6 deletions.
  1. +6 −6 lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
@@ -82,17 +82,17 @@ public function authenticate(CakeRequest $request, CakeResponse $response) {
* @return mixed Either false or an array of user information
*/
public function getUser(CakeRequest $request) {
$username = '';
$pass = '';
if (!isset($_SERVER['PHP_AUTH_USER'])) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
} else {
$httpAuthorization = $request->header('Authorization');
if ($httpAuthorization !== false && strlen($httpAuthorization) > 0 && strpos($httpAuthorization, 'basic') !== false) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($httpAuthorization, 6)));
if (strlen($_SERVER['PHP_AUTH_USER']) === 0 || strlen($_SERVER['PHP_AUTH_PW']) === 0) {
unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
list($username, $pass) = explode(':', base64_decode(substr($httpAuthorization, 6)));
}
}
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') {
return false;
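Review bot: The two branches of the new `if`/`else` in getUser() look inverted. The +/- markers are lost on this page, so sides are inferred from the 6/6 counts, but as rendered `env('PHP_AUTH_USER')` is read only when `$_SERVER['PHP_AUTH_USER']` is not set, and the `Authorization` header is parsed only when it is set. The header fallback would then never run in the case it exists for, and every such request falls through to `return false`; the condition should read `if (isset($_SERVER['PHP_AUTH_USER'])) {`. The added `list($username, $pass) = explode(':', ...)` line also splits on every colon, which truncates a password containing `:` and leaves `$pass` unset when the decoded value has no colon; `list($username, $pass) = array_pad(explode(':', base64_decode(substr($httpAuthorization, 6)), 2), 2, '');` keeps the password whole and fails cleanly. getUser()'s body continues past the end of the hunk.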
