avoid broken browser_uid on IE

Internet Explorer 8 (and maybe others) seem to use different capitalization in the ACCEPT_CHARSET header between "normal" requests and AJAX requests. This causes a browser UID mismatch and thus an unecessary reauthentication.
dokuwiki · Oct 18, 2012 · 80b4f37 · 80b4f37
1 parent 88f7f7c
commit 80b4f37
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/inc/auth.php b/inc/auth.php
@@ -299,7 +299,7 @@ function auth_createToken() {
  *
  * This is neither unique nor unfakable - still it adds some
  * security. Using the first part of the IP makes sure
- * proxy farms like AOLs are stil okay.
+ * proxy farms like AOLs are still okay.
  *
  * @author  Andreas Gohr <andi@splitbrain.org>
  *
@@ -313,6 +313,7 @@ function auth_browseruid() {
     $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
     $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
     $uid .= substr($ip, 0, strpos($ip, '.'));
+    $uid = strtolower($uid);
     return md5($uid);
 }