From 161bbb9ba3fbc10cada28e4ce384a426cabc02d8 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 2 Oct 2010 16:44:31 -0700
Subject: Proxy the BasicAuth authentication header in htaccess_works() so that
 if the entire Gallery is behind BasicAuth we share the same credentials as
 the browser.  Fixes #1413.

---
 modules/gallery/helpers/access.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 52a36298..1a448e4a 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -727,8 +727,18 @@ class access_Core {
         fclose($fp);
       }
 
-      list ($response) = remote::do_request(url::abs_file("var/security_test/verify"));
-      $works = $response == "HTTP/1.1 200 OK";
+      // Proxy our authorization headers so that if the entire Gallery is covered by Basic Auth
+      // this callback will still work.
+      $headers = array();
+      if (function_exists("apache_request_headers")) {
+        $arh = apache_request_headers();
+        if (!empty($arh["Authorization"])) {
+          $headers["Authorization"] = $arh["Authorization"];
+        }
+      }
+      list ($status, $headers, $body) =
+        remote::do_request(url::abs_file("var/security_test/verify"), "GET", $headers);
+      $works = ($status == "HTTP/1.1 200 OK") && ($body == "success");
     } catch (Exception $e) {
       @dir::unlink(VARPATH . "security_test");
       throw $e;
-- 
cgit v1.2.3