[fix] Login: HTTP Auth when internal redirects occur (#1772)

When Apache performs an internal redirect, it stores the username in the REDIRECT_REMOTE_USER variable instead of REMOTE_USER, breaking HTTP authentication. For more information, see this Stack Overflow discussion: <https://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes> This commit first tries REMOTE_USER, as before. If it is not set, it checks whether REDIRECT_REMOTE_USER is set.
author: Nico B <github@nicoboehr.de> 2018-01-22 15:12:44 +0100
committer: Frans de Jonge <fransdejonge@gmail.com> 2018-01-22 15:12:44 +0100
commit: dfc638dd9856e5507e482583c4e7339fcd2bb915 (patch)
tree: 1ca6485c7c039a68e64cf9163d3015080182f49f /lib
parent: b285a83c6561cc50f53af3f854c34c0d7fba3ebe (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index e9c4da049..215c4c362 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -364,7 +364,15 @@ function get_user_configuration($username) {
 
 
 function httpAuthUser() {
-	return isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
+	if (isset($_SERVER['REMOTE_USER'])) {
+		return $_SERVER['REMOTE_USER'];
+	}
+
+	if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
+		return $_SERVER['REDIRECT_REMOTE_USER'];
+	}
+
+	return '';
 }
 
 function cryptAvailable() {
author	Nico B <github@nicoboehr.de>	2018-01-22 15:12:44 +0100
committer	Frans de Jonge <fransdejonge@gmail.com>	2018-01-22 15:12:44 +0100
commit	dfc638dd9856e5507e482583c4e7339fcd2bb915 (patch)
tree	1ca6485c7c039a68e64cf9163d3015080182f49f /lib
parent	b285a83c6561cc50f53af3f854c34c0d7fba3ebe (diff)