diff options
| author |  Inverle <inverle@proton.me>
| 2025-06-30 09:51:31 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-06-30 09:51:31 +0200 |
| commit | 7d9fc0ce0c31f22457485a9ff33e0839aaca1254 (patch) | |
| tree | ce18c5704f3e814c716ad851c8410086b4bd1b41 /lib | |
| parent | 0bca0d8afcf2509d7b227450450d66c5348e9e1a (diff) | |
Fix multiple auth headers bug (#7703)
Fix https://github.com/FreshRSS/FreshRSS/issues/7699
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/lib_rss.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 9d315a26d..196ab06a4 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -856,7 +856,7 @@ function checkTrustedIP(): bool { } function httpAuthUser(bool $onlyTrusted = true): string { - $auths = array_intersect_key($_SERVER, ['REMOTE_USER' => '', 'REDIRECT_REMOTE_USER' => '', 'HTTP_REMOTE_USER' => '', 'HTTP_X_WEBAUTH_USER' => '']); + $auths = array_unique(array_intersect_key($_SERVER, ['REMOTE_USER' => '', 'REDIRECT_REMOTE_USER' => '', 'HTTP_REMOTE_USER' => '', 'HTTP_X_WEBAUTH_USER' => ''])); if (count($auths) > 1) { Minz_Log::warning('Multiple HTTP authentication headers!'); return ''; |