[Tickets #10272] Re: No HTTP_Auth when accessing users *.ics file
bugs at horde.org
bugs at horde.org
Sun Jun 26 18:10:51 UTC 2011
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: http://bugs.horde.org/ticket/10272
------------------------------------------------------------------------------
Ticket | 10272
Aktualisiert Von | michael.groene at zel.uni-hannover.de
Zusammenfassung | No HTTP_Auth when accessing users *.ics file
Warteschlange | Kronolith
Version | Git master
Typ | Bug
Status | Feedback
Priorität | 2. Medium
Milestone |
Patch |
Zuständige |
------------------------------------------------------------------------------
mail at xeroc.org (2011-06-26 11:14) hat geschrieben:
In file framework/Rpc/lib/Horde/Rpc/Webdav.php function ServeRequest()
line 952
I don't understand, why you check for a valid authentication even
before sending the HTTP_Auth header. I would suggest checking for
empty(null passwords) in _check_auth() before handling it with
checkAuth or check_auth().
But I am not a horde developer and so dont see the full picture. I
patched it the following way.
Thanks for further statements.
======================================
diff --git a/framework/Rpc/lib/Horde/Rpc/Webdav.php
b/framework/Rpc/lib/Horde/Rpc/Webdav.php
index 9071c3e..aea3347 100644
--- a/framework/Rpc/lib/Horde/Rpc/Webdav.php
+++ b/framework/Rpc/lib/Horde/Rpc/Webdav.php
@@ -2420,6 +2420,11 @@ class Horde_Rpc_Webdav extends Horde_Rpc
? $this->_SERVER["PHP_AUTH_PW"]
: null;
+ if (is_null($auth_user) ||
+ is_null($auth_pw)) {
+ return false;
+ }
+
if (method_exists($this, "checkAuth")) {
// PEAR style method name
return $this->checkAuth($auth_type, $auth_user, $auth_pw);
======================================
More information about the bugs
mailing list