diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2025-03-12 12:40:31 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2025-03-12 12:40:31 +0100 |
| commit | 0a302752e755cf33d4d0dea11f5f447a87ec2996 (patch) | |
| tree | d060b5472d81d2c996321d6e6220a2f84a4c225f /inc | |
| parent | abf4130250187c87078040fe0f38454aef22447e (diff) | |
| download | dokuwiki-0a302752e755cf33d4d0dea11f5f447a87ec2996.tar.gz dokuwiki-0a302752e755cf33d4d0dea11f5f447a87ec2996.zip | |
treat getallheaders more suspiciously. fixes #4415
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/auth.php | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/inc/auth.php b/inc/auth.php index 9c95ade10..e62aff020 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -190,11 +190,18 @@ function auth_tokenlogin() global $auth; if (!$auth) return false; - // get the headers, either from Apache or from $_SERVER + $headers = []; + + // try to get the headers from Apache if (function_exists('getallheaders')) { - $headers = array_change_key_case(getallheaders()); - } else { - $headers = []; + $headers = getallheaders(); + if (is_array($headers)) { + $headers = array_change_key_case($headers); + } + } + + // get the headers from $_SERVER + if (!$headers) { foreach ($_SERVER as $key => $value) { if (substr($key, 0, 5) === 'HTTP_') { $headers[strtolower(substr($key, 5))] = $value; |