From 71a42842f181739366d2937b8d75df980b85c342 Mon Sep 17 00:00:00 2001 From: Rob Thomas Date: Fri, 16 Mar 2018 05:45:46 +0000 Subject: [PATCH] Fix spamadmin undefined value Also changed != to !==, because 's' == 1. Yay PHP. --- htdocs/application/controllers/Spamadmin.php | 21 +++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/htdocs/application/controllers/Spamadmin.php b/htdocs/application/controllers/Spamadmin.php index 6fb8ee1..8b96255 100644 --- a/htdocs/application/controllers/Spamadmin.php +++ b/htdocs/application/controllers/Spamadmin.php @@ -22,10 +22,25 @@ class Spamadmin extends CI_Controller $user = $this->config->item('spamadmin_user'); $pass = $this->config->item('spamadmin_pass'); - // basic auth for fastcgi - list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + // FastCGI doesn't provide PHP_AUTH_USER and PHP_AUTH_PW, apparently? + if (empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW'])) { + if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { + list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); + } + } + + // If they're not set, set them to blank. The null coalesce operator would be handy here, but + // that's PHP 7.0 and higher... + if (empty($_SERVER['PHP_AUTH_USER'])) + { + $_SERVER['PHP_AUTH_USER'] = ""; + } + if (empty($$_SERVER['PHP_AUTH_PW'])) + { + $_SERVER['PHP_AUTH_PW'] = ""; + } - if ($user == '' || $pass == '' || !isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != $user || $_SERVER['PHP_AUTH_PW'] != $pass) + if ($user === '' || $pass === '' || $_SERVER['PHP_AUTH_USER'] !== $user || $_SERVER['PHP_AUTH_PW'] !== $pass) { header('WWW-Authenticate: Basic realm="Spamadmin"'); header('HTTP/1.0 401 Unauthorized');