[Tickets #10272] Re: No HTTP_Auth when accessing users *.ics file
bugs at horde.org
bugs at horde.org
Sun Jun 26 11:14:07 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/10272
------------------------------------------------------------------------------
Ticket | 10272
Updated By | mail at xeroc.org
Summary | No HTTP_Auth when accessing users *.ics file
Queue | Kronolith
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
mail at xeroc.org (2011-06-26 11:14) wrote:
In file framework/Rpc/lib/Horde/Rpc/Webdav.php function ServeRequest()
line 952
I don't understand, why you check for a valid authentication even
before sending the HTTP_Auth header. I would suggest checking for
empty(null passwords) in _check_auth() before handling it with
checkAuth or check_auth().
But I am not a horde developer and so dont see the full picture. I
patched it the following way.
Thanks for further statements.
======================================
diff --git a/framework/Rpc/lib/Horde/Rpc/Webdav.php
b/framework/Rpc/lib/Horde/Rpc/Webdav.php
index 9071c3e..aea3347 100644
--- a/framework/Rpc/lib/Horde/Rpc/Webdav.php
+++ b/framework/Rpc/lib/Horde/Rpc/Webdav.php
@@ -2420,6 +2420,11 @@ class Horde_Rpc_Webdav extends Horde_Rpc
? $this->_SERVER["PHP_AUTH_PW"]
: null;
+ if (is_null($auth_user) ||
+ is_null($auth_pw)) {
+ return false;
+ }
+
if (method_exists($this, "checkAuth")) {
// PEAR style method name
return $this->checkAuth($auth_type, $auth_user, $auth_pw);
======================================
More information about the bugs
mailing list