Changeset 56804
- Timestamp:
- 10/09/2023 02:47:57 PM (12 months ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/load.php
r56635 r56804 127 127 $userpass = base64_decode( $token ); 128 128 129 list( $user, $pass ) = explode( ':', $userpass ); 129 // There must be at least one colon in the string. 130 if ( ! str_contains( $userpass, ':' ) ) { 131 return; 132 } 133 134 list( $user, $pass ) = explode( ':', $userpass, 2 ); 130 135 131 136 // Now shove them in the proper keys where we're expecting later on. -
trunk/tests/phpunit/tests/auth.php
r56454 r56804 845 845 ); 846 846 } 847 848 /* 849 * @ticket 57512 850 * @covers ::wp_populate_basic_auth_from_authorization_header 851 */ 852 public function tests_basic_http_authentication_with_username_and_password() { 853 // Header passed as "username:password". 854 $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dXNlcm5hbWU6cGFzc3dvcmQ='; 855 856 wp_populate_basic_auth_from_authorization_header(); 857 858 $this->assertSame( $_SERVER['PHP_AUTH_USER'], 'username' ); 859 $this->assertSame( $_SERVER['PHP_AUTH_PW'], 'password' ); 860 } 861 862 /* 863 * @ticket 57512 864 * @covers ::wp_populate_basic_auth_from_authorization_header 865 */ 866 public function tests_basic_http_authentication_with_username_only() { 867 // Malformed header passed as "username" with no password. 868 $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dXNlcm5hbWU='; 869 870 wp_populate_basic_auth_from_authorization_header(); 871 872 $this->assertArrayNotHasKey( 'PHP_AUTH_USER', $_SERVER ); 873 $this->assertArrayNotHasKey( 'PHP_AUTH_PW', $_SERVER ); 874 } 875 876 /* 877 * @ticket 57512 878 * @covers ::wp_populate_basic_auth_from_authorization_header 879 */ 880 public function tests_basic_http_authentication_with_colon_in_password() { 881 // Header passed as "username:pass:word" where password contains colon. 882 $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dXNlcm5hbWU6cGFzczp3b3Jk'; 883 884 wp_populate_basic_auth_from_authorization_header(); 885 886 $this->assertSame( $_SERVER['PHP_AUTH_USER'], 'username' ); 887 $this->assertSame( $_SERVER['PHP_AUTH_PW'], 'pass:word' ); 888 } 847 889 }
Note: See TracChangeset
for help on using the changeset viewer.