|
|
- From 13c2dc126d8bb4c57273178fc455dab6f02e1efc Mon Sep 17 00:00:00 2001
- From: Alexey Sokolov <alexey+znc@asokolov.org>
- Date: Thu, 16 Apr 2015 01:21:57 +0100
- Subject: [PATCH] Fix rare conflict of HTTP-Basic auth and cookies.
-
- Fix #946
- ---
- src/HTTPSock.cpp | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
- --- a/src/HTTPSock.cpp
- +++ b/src/HTTPSock.cpp
- @@ -122,7 +122,7 @@ void CHTTPSock::ReadLine(const CString&
- sLine.Token(2).Base64Decode(sUnhashed);
- m_sUser = sUnhashed.Token(0, false, ":");
- m_sPass = sUnhashed.Token(1, true, ":");
- - m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
- + // Postpone authorization attempt until end of headers, because cookies should be read before that, otherwise session id will be overwritten in GetSession()
- } else if (sName.Equals("Content-Length:")) {
- m_uPostLen = sLine.Token(1).ToULong();
- if (m_uPostLen > MAX_POST_SIZE)
- @@ -170,6 +170,14 @@ void CHTTPSock::ReadLine(const CString&
- } else if (sLine.empty()) {
- m_bGotHeader = true;
-
- + if (!m_sUser.empty()) {
- + m_bLoggedIn = OnLogin(m_sUser, m_sPass, true);
- + if (!m_bLoggedIn) {
- + // Error message already was sent
- + return;
- + }
- + }
- +
- if (m_bPost) {
- m_sPostData = GetInternalReadBuffer();
- CheckPost();
|
