From: Peter Korsgaard <[EMAIL PROTECTED]>
r22315 is wrong - We should send HTTP_UNAUTHORIZED both if there wasn't
an Authorization: header, AND if authorization failed.
Signed-off-by: Peter Korsgaard <[EMAIL PROTECTED]>
---
networking/httpd.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/networking/httpd.c b/networking/httpd.c
index 382893b..f1afc1d 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2043,9 +2043,9 @@ static void handle_incoming_and_exit(const
len_and_sockaddr *fromAddr)
}
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
- /* Case: no "Authorization:" was seen, but page does require passwd.
- * Check that with dummy user:pass */
- if ((authorized < 0) && check_user_passwd(urlcopy, ":") == 0) {
+ /* invalid user:pass or no "Authorization:" was seen, but page
+ * does require passwd. Check that with dummy user:pass */
+ if ((authorized <= 0) && check_user_passwd(urlcopy, ":") == 0) {
send_headers_and_exit(HTTP_UNAUTHORIZED);
}
#endif
--
1.5.5.1
_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
