| commit | 62bf3ac09f90958915554bd2a0c721008a729559 | |
| author | Damien Regad <dregad@mantisbt.org> | |
| Fri, 3 Feb 2023 18:26:40 +0000 (3 19:26 +0100) | ||
| committer | Damien Regad <dregad@mantisbt.org> | |
| Sat, 4 Feb 2023 14:54:34 +0000 (4 15:54 +0100) | ||
| tree | f8ea3963e2e2e825c7a8722fba79def5f170301e | treesnapshot (tar.gz zip) |
| parent | fdda8c3307bccec7b153eb1813a199747734645a | commitdiff |
Check Basic Auth scheme in Authorization header
Prior to this, auth_setup() would simply assume that the Authorization
header was using the Basic auth scheme, but there are other available
ones, which could result in incorrect processing of the header's data.
We now specifically check that we have the `Basic` scheme, and only then
perform the base64_decode to get the username and password.
Prior to this, auth_setup() would simply assume that the Authorization
header was using the Basic auth scheme, but there are other available
ones, which could result in incorrect processing of the header's data.
We now specifically check that we have the `Basic` scheme, and only then
perform the base64_decode to get the username and password.
| inc/auth.php | diffblobblamehistory |