Source: davical
Version: 1.1.1-1
Severity: minor
Tags: patch upstream
Hi.
This is analogous to #703381.
The CGI specification (https://tools.ietf.org/html/rfc3875#section-4.1.1)
defines the
AUTH_TYPE variable to be case-insensitive.
Currently this is not supported by awl.
Attached is a patch that corrects this (please check it for mistakes)
I've tried it... and it seems to work.
Cheers,
Chris.
btw: This patch is needed for the auth system for caldav.php, the patch on awl
is needed for
the auth system for the davical admin interface.
Index: davical/inc/HTTPAuthSession.php
===================================================================
--- davical.orig/inc/HTTPAuthSession.php 2012-03-16 00:54:58.000000000 +0100
+++ davical/inc/HTTPAuthSession.php 2013-03-19 00:54:04.744586930 +0100
@@ -114,10 +114,10 @@
else if ( isset($c->authenticate_hook['server_auth_type'])
&& isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
if ( ( is_array($c->authenticate_hook['server_auth_type'])
- && in_array($_SERVER['AUTH_TYPE'], $c->authenticate_hook['server_auth_type']) )
+ && in_array( strtolower($_SERVER['AUTH_TYPE']), array_map('strtolower', $c->authenticate_hook['server_auth_type'])) )
||
( !is_array($c->authenticate_hook['server_auth_type'])
- && $c->authenticate_hook['server_auth_type'] == $_SERVER['AUTH_TYPE'] )
+ && strtolower($c->authenticate_hook['server_auth_type']) == strtolower($_SERVER['AUTH_TYPE']) )
) {
/**
* The authentication has happened in the server, and we should accept it.