From dfc638dd9856e5507e482583c4e7339fcd2bb915 Mon Sep 17 00:00:00 2001
From: Nico B <github@nicoboehr.de>
Date: Mon, 22 Jan 2018 15:12:44 +0100
Subject: [fix] Login: HTTP Auth when internal redirects occur (#1772)

When Apache performs an internal redirect, it stores the username in the
REDIRECT_REMOTE_USER variable instead of REMOTE_USER, breaking HTTP
authentication. For more information, see this Stack Overflow
discussion:
<https://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes>

This commit first tries REMOTE_USER, as before. If it is not set, it checks whether REDIRECT_REMOTE_USER is set.
---
 lib/lib_rss.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'lib/lib_rss.php')

diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index e9c4da049..215c4c362 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -364,7 +364,15 @@ function get_user_configuration($username) {
 
 
 function httpAuthUser() {
-	return isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
+	if (isset($_SERVER['REMOTE_USER'])) {
+		return $_SERVER['REMOTE_USER'];
+	}
+
+	if (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
+		return $_SERVER['REDIRECT_REMOTE_USER'];
+	}
+
+	return '';
 }
 
 function cryptAvailable() {
-- 
cgit v1.2.3