summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-03-10 03:39:05 +0000
committerZach Copley <zach@status.net>2010-03-10 03:39:05 +0000
commit7f2253759ccdc5ab8698c447b29762314883db1a (patch)
tree6e864f8384b243ece5e24ace177a32f1ddcc97c8 /lib
parent60e0f0426133544eaaea7ff84da5f02ca86bd8cc (diff)
A blank username should never be allowed.
Diffstat (limited to 'lib')
-rw-r--r--lib/apiauth.php2
-rw-r--r--lib/util.php5
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index f63c84d8f..32502399f 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
$realm = common_config('site', 'name') . ' API';
}
- if (!isset($this->auth_user_nickname) && $required) {
+ if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
diff --git a/lib/util.php b/lib/util.php
index 76639e2d4..44ccc0def 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -159,6 +159,11 @@ function common_munge_password($password, $id)
function common_check_user($nickname, $password)
{
+ // empty nickname always unacceptable
+ if (empty($nickname)) {
+ return false;
+ }
+
$authenticatedUser = false;
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {