Check for REDIRECT_REMOTE_USER as well

2021-06-16 19:39:51 +00:00
parent 5e22704f7e
commit 6b3476409a
3 changed files with 14 additions and 3 deletions
--- a/src/Security/BasicAuth.php
+++ b/src/Security/BasicAuth.php
@@ -124,7 +124,7 @@ class BasicAuth
 		// workaround for HTTP-auth in CGI mode
 		if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
 			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
-			if (strlen($userpass)) {
+			if (!empty($userpass) && strpos($userpass, ':')) {
 				list($name, $password) = explode(':', $userpass);
 				$_SERVER['PHP_AUTH_USER'] = $name;
 				$_SERVER['PHP_AUTH_PW'] = $password;