author | Zach Copley <zach@status.net> | 2010-03-10 03:39:05 +0000 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-03-10 03:39:05 +0000 |
commit | 7f2253759ccdc5ab8698c447b29762314883db1a (patch) | |
tree | 6e864f8384b243ece5e24ace177a32f1ddcc97c8 /lib | |
parent | 60e0f0426133544eaaea7ff84da5f02ca86bd8cc (diff) |
A blank username should never be allowed.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/apiauth.php | 2 | ||||
-rw-r--r-- | lib/util.php | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index f63c84d8f..32502399f 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
 $realm = common_config('site', 'name') . ' API';
 }
 
- if (!isset($this->auth_user_nickname) && $required) {
+ if (empty($this->auth_user_nickname) && $required) {
 header('WWW-Authenticate: Basic realm="' . $realm . '"');
 
 // show error if the user clicks 'cancel'
diff --git a/lib/util.php b/lib/util.php
index 76639e2d4..44ccc0def 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -159,6 +159,11 @@ function common_munge_password($password, $id)
 
 function common_check_user($nickname, $password)
 {
+ // empty nickname always unacceptable
+ if (empty($nickname)) {
+ return false;
+ }
+
 $authenticatedUser = false;
 
 if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { |
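Review bot: `empty()` is also true for the string `'0'`, so the new condition on the `if` line refuses a client whose nickname is literally `0` as well as a missing or blank one; the `empty($nickname)` guard added in lib/util.php has the same property. If only unset and blank values are meant to be rejected, an explicit comparison says so: `if ((!isset($this->auth_user_nickname) || $this->auth_user_nickname === '') && $required) {`. Whether `0` can be a registered nickname is not visible on this page, so confirm against the nickname validation rules before changing it. The enclosing method starts and ends outside the hunk.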
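Review bot: The new guard in `common_check_user` covers only `$nickname`; `$password` is still handed to the `StartCheckPassword` handlers unchecked, and nothing in the hunk shows how those handlers treat an empty password. If any handler delegates the check to an external directory or service, a blank password probably deserves the same early `return false`, for example `if (empty($nickname) || $password === null || $password === '') {`. The comment could also record why the check sits where it does, so a later refactor does not move it below the event: `// empty nickname always unacceptable; reject before any StartCheckPassword handler runs`. The function body continues past the end of the hunk.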