diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2010-10-02 16:44:31 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2010-10-02 16:44:31 -0700 |
| commit | 161bbb9ba3fbc10cada28e4ce384a426cabc02d8 (patch) | |
| tree | 6a8ebebe64e59349832e141171f30ae301b96b51 /modules/gallery/helpers/access.php | |
| parent | 62f1bb06a21c3b07acf8005c30a5d856199d7424 (diff) | |
Proxy the BasicAuth authentication header in htaccess_works() so that
if the entire Gallery is behind BasicAuth we share the same
credentials as the browser. Fixes #1413.
Diffstat (limited to 'modules/gallery/helpers/access.php')
| -rw-r--r-- | modules/gallery/helpers/access.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 52a36298..1a448e4a 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -727,8 +727,18 @@ class access_Core { fclose($fp); } - list ($response) = remote::do_request(url::abs_file("var/security_test/verify")); - $works = $response == "HTTP/1.1 200 OK"; + // Proxy our authorization headers so that if the entire Gallery is covered by Basic Auth + // this callback will still work. + $headers = array(); + if (function_exists("apache_request_headers")) { + $arh = apache_request_headers(); + if (!empty($arh["Authorization"])) { + $headers["Authorization"] = $arh["Authorization"]; + } + } + list ($status, $headers, $body) = + remote::do_request(url::abs_file("var/security_test/verify"), "GET", $headers); + $works = ($status == "HTTP/1.1 200 OK") && ($body == "success"); } catch (Exception $e) { @dir::unlink(VARPATH . "security_test"); throw $e; |