summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-03-17 10:52:11 -0700
committerBrion Vibber <brion@pobox.com>2010-03-17 11:04:41 -0700
commit22f827134c3be845494bebd76bda9e4a074e710b (patch)
treeb090bd31e26f76586f58d3810b0d158fb86c0879
parent4761c07ad8d76f7c34d4db53d32d15e806ba1e88 (diff)
Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
-rw-r--r--htaccess.sample5
-rw-r--r--lib/apiauth.php14
2 files changed, 14 insertions, 5 deletions
diff --git a/htaccess.sample b/htaccess.sample
index 37eb8e01e..18a868698 100644
--- a/htaccess.sample
+++ b/htaccess.sample
@@ -5,6 +5,11 @@
RewriteBase /mublog/
+ ## Uncomment these if having trouble with API authentication
+ ## when PHP is running in CGI or FastCGI mode.
+ #RewriteCond %{HTTP:Authorization} ^(.*)
+ #RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
+
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?p=$1 [L,QSA]
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 32502399f..17f803a1c 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -294,11 +294,15 @@ class ApiAuthAction extends ApiAction
function basicAuthProcessHeader()
{
- if (isset($_SERVER['AUTHORIZATION'])
- || isset($_SERVER['HTTP_AUTHORIZATION'])
- ) {
- $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])
- ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
+ $authHeaders = array('AUTHORIZATION',
+ 'HTTP_AUTHORIZATION',
+ 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
+ $authorization_header = null;
+ foreach ($authHeaders as $header) {
+ if (isset($_SERVER[$header])) {
+ $authorization_header = $_SERVER[$header];
+ break;
+ }
}
if (isset($_SERVER['PHP_AUTH_USER'])) {