[feature/request-class] Adjust code base to do html decoding manually

PHPBB3-9716
2025-08-06 08:47:45 +02:00 · 2011-08-18 23:38:39 +02:00
parent fd08cd8dd0
commit c5cef773c4
10 changed files with 31 additions and 30 deletions
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -30,7 +30,7 @@ function init_apache()
 {
 	global $user, $request;

-	if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== $request->server('PHP_AUTH_USER'))
+	if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
 	{
 		return $user->lang['APACHE_SETUP_BEFORE_USE'];
 	}
@@ -72,8 +72,8 @@ function login_apache(&$username, &$password)
 		);
 	}

-	$php_auth_user = $request->server('PHP_AUTH_USER');
-	$php_auth_pw = $request->server('PHP_AUTH_PW');
+	$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+	$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));

 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
@@ -143,8 +143,8 @@ function autologin_apache()
 		return array();
 	}

-	$php_auth_user = $request->server('PHP_AUTH_USER');
-	$php_auth_pw = $request->server('PHP_AUTH_PW');
+	$php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+	$php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));

 	if (!empty($php_auth_user) && !empty($php_auth_pw))
 	{
@@ -233,7 +233,7 @@ function validate_session_apache(&$user)
 	// Check if PHP_AUTH_USER is set and handle this case
 	if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
 	{
-		$php_auth_user = $request->server('PHP_AUTH_USER', '', true);
+		$php_auth_user = $request->server('PHP_AUTH_USER');

 		return ($php_auth_user === $user['username']) ? true : false;
 	}