[Tickets #10272] Re: No HTTP_Auth when accessing users *.ics file

bugs at horde.org bugs at horde.org
Sun Jun 26 11:14:07 UTC 2011


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/10272
------------------------------------------------------------------------------
  Ticket             | 10272
  Updated By         | mail at xeroc.org
  Summary            | No HTTP_Auth when accessing users *.ics file
  Queue              | Kronolith
  Version            | Git master
  Type               | Bug
  State              | Feedback
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


mail at xeroc.org (2011-06-26 11:14) wrote:

In file framework/Rpc/lib/Horde/Rpc/Webdav.php function ServeRequest()  
line 952
I don't understand, why you check for a valid authentication even  
before sending the HTTP_Auth header. I would suggest checking for  
empty(null passwords) in _check_auth() before handling it with  
checkAuth or check_auth().

But I am not a horde developer and so dont see the full picture. I  
patched it the following way.

Thanks for further statements.

======================================
diff --git a/framework/Rpc/lib/Horde/Rpc/Webdav.php  
b/framework/Rpc/lib/Horde/Rpc/Webdav.php
index 9071c3e..aea3347 100644
--- a/framework/Rpc/lib/Horde/Rpc/Webdav.php
+++ b/framework/Rpc/lib/Horde/Rpc/Webdav.php
@@ -2420,6 +2420,11 @@ class Horde_Rpc_Webdav extends Horde_Rpc
              ? $this->_SERVER["PHP_AUTH_PW"]
              : null;

+        if (is_null($auth_user) ||
+            is_null($auth_pw)) {
+            return false;
+        }
+
          if (method_exists($this, "checkAuth")) {
              // PEAR style method name
              return $this->checkAuth($auth_type, $auth_user, $auth_pw);
======================================






More information about the bugs mailing list