| author | 2019-01-02 21:43:05 +0100 | |
|---|---|---|
| committer | 2019-01-02 21:43:05 +0100 | |
| commit | 945cf832ad2c20c10704282d03326d8495d0ca4b (patch) | |
| tree | 00b83a1b046d5cfe498e871743c572b826840203 /lib | |
| parent | a6623b7b2fa3f026a0ea30e49b1a221f7a4a8e55 (diff) | |
HTTP authenfication fixes (#2204)
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Minz/Configuration.php | 17 | ||||
| -rw-r--r-- | lib/lib_rss.php | 13 |
2 files changed, 11 insertions, 19 deletions
diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 3e486d68e..aae3accc6 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -27,23 +27,16 @@ class Minz_Configuration { /** * Parse a file and return its data. * - * If the file does not contain a valid PHP code returning an array, an - * empty array is returned anyway. - * * @param $filename the name of the file to parse. * @return an array of values - * @throws Minz_FileNotExistException if the file does not exist. + * @throws Minz_FileNotExistException if the file does not exist or is invalid. */ public static function load($filename) { - if (!file_exists($filename)) { - throw new Minz_FileNotExistException($filename); - } - - $data = include($filename); + $data = @include($filename); if (is_array($data)) { return $data; } else { - return array(); + throw new Minz_FileNotExistException($filename); } } @@ -117,7 +110,7 @@ class Minz_Configuration { $this->default_filename = $default_filename; $this->_configurationSetter($configuration_setter); - if (!is_null($this->default_filename)) { + if ($this->default_filename != null) { $this->data = self::load($this->default_filename); } @@ -126,7 +119,7 @@ class Minz_Configuration { $this->data, self::load($this->config_filename) ); } catch (Minz_FileNotExistException $e) { - if (is_null($this->default_filename)) { + if ($this->default_filename == null) { throw $e; } } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 333920c8c..168309563 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php 
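Review bot: In `load()` (hunk `@@ -27,23 +27,16 @@`), `$data = @include($filename);` silences every warning the include can raise, so a file that is missing, one that is unreadable and one that returns something other than an array all end in the same `Minz_FileNotExistException` with nothing logged to tell them apart. The `catch (Minz_FileNotExistException $e)` in `lib/lib_rss.php` turns that exception into "no configuration for this user", so a damaged config file becomes indistinguishable from an unknown account. On PHP 7 and later a syntax error in the included file is thrown as `ParseError`, which `@` does not suppress and which that catch does not handle. If the single-include form is intentional, I would at least record it in a comment above the line, `// @ hides the missing-file warning; any non-array result is reported as a missing file`, and word the docblock as `@throws Minz_FileNotExistException if the file is missing, unreadable, or does not return an array.`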
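Review bot: In hunk `@@ -117,7 +110,7 @@`, `$this->default_filename != null` is a loose comparison, so `''`, `'0'`, `0` and `false` now all count as "no default file", whereas `is_null()` matched only `null`. The same applies to `$this->default_filename == null` in the catch block of hunk `@@ -126,7 +119,7 @@`. If treating an empty filename as absent is the goal, state it explicitly in both places, e.g. `if ($this->default_filename !== null && $this->default_filename !== '') {`, so the two tests cannot drift apart and a filename of `'0'` is not skipped. The enclosing method starts and ends outside both hunks.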
@@ -364,9 +364,9 @@ function get_user_configuration($username) { join_path(FRESHRSS_PATH, 'config-user.default.php')); } catch (Minz_ConfigurationNamespaceException $e) { // namespace already exists, do nothing. - Minz_Log::warning($e->getMessage()); + Minz_Log::warning($e->getMessage(), USERS_PATH . '/_/log.txt'); } catch (Minz_FileNotExistException $e) { - Minz_Log::warning($e->getMessage()); + Minz_Log::warning($e->getMessage(), USERS_PATH . '/_/log.txt'); return null; } @@ -375,14 +375,13 @@ function get_user_configuration($username) { function httpAuthUser() { - if (isset($_SERVER['REMOTE_USER'])) { + if (!empty($_SERVER['REMOTE_USER'])) { return $_SERVER['REMOTE_USER']; - } - - if (isset($_SERVER['REDIRECT_REMOTE_USER'])) { + } elseif (!empty($_SERVER['REDIRECT_REMOTE_USER'])) { return $_SERVER['REDIRECT_REMOTE_USER']; + } elseif (!empty($_SERVER['HTTP_X_WEBAUTH_USER'])) { + return $_SERVER['HTTP_X_WEBAUTH_USER']; } - return ''; } |
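Review bot: Both `Minz_Log::warning($e->getMessage(), USERS_PATH . '/_/log.txt');` calls in hunk `@@ -364,9 +364,9 @@` write an exception message that presumably contains the configuration path built from `$username`. Going by the commit description, that name can now come from an HTTP authentication header for an account that does not exist. Unless `Minz_Log` already neutralises them, line breaks or control characters in such a name would be written verbatim into the shared log, so I would reject or strip them before the lookup, or log a sanitised copy of the message. The path literal is also repeated; a local such as `$sharedLog = USERS_PATH . '/_/log.txt';` would keep the two calls in step. `get_user_configuration()` starts outside the hunk.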
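Review bot: The new `HTTP_X_WEBAUTH_USER` branch in `httpAuthUser()` (hunk `@@ -375,14 +375,13 @@`) trusts a value taken from the request header `X-WebAuth-User`. Unlike `REMOTE_USER`, which the web server sets itself, any client can send that header, so it is only trustworthy if every request passes through an authenticating proxy that overwrites it. If the instance is also reachable directly, or the proxy forwards a client-supplied copy, the caller picks the user name. I would honour the header only when the peer address is a configured proxy, e.g. `} elseif (!empty($_SERVER['HTTP_X_WEBAUTH_USER']) && in_array($_SERVER['REMOTE_ADDR'], $trustedProxies, true)) {`, where `$trustedProxies` is a placeholder for an operator-set list that this page does not define. The function's doc comment should state that the proxy must strip or replace `X-WebAuth-User` on incoming requests.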
