Changes between Initial Version and Version 1 of Ticket #52003
Timestamp: 12/09/2020 08:27:33 PM (3 months ago)
Ticket #52003 – Description
wp_validate_application_password only checks for the existence of `$_SERVER['PHP_AUTH_USER']` before calling wp_authenticate_application_password with both `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`.

In our environment (using Shibboleth-powered Single Sign-on), `$_SERVER['PHP_AUTH_USER']` is already set, but `$_SERVER['PHP_AUTH_PW']` is not defined.

I believe that this section:
{{{
// Check that we're trying to authenticate
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
    return $input_user;
}
}}}
should likely be extended to confirm the presence of both variables before calling wp_authenticate_application_password.

(Of course, I'm also now worried about what other problems we'll run into using `PHP_AUTH_USER` the way we are, but that's for another day!)
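The guard quoted in the ticket and the extension it proposes, compared side by side as an added example that is not part of the original ticket or of WordPress core. The function names `guard_as_reported`, `guard_extended` and `attempt_auth`, and the sample `$_SERVER` arrays, are hypothetical stand-ins constructed for illustration.

```php
<?php
// Added example: standalone model of the guard discussed in the ticket.
// All function names and sample server arrays below are constructed.

/** Guard as quoted in the ticket: only PHP_AUTH_USER is checked. */
function guard_as_reported( array $server ): bool {
    return isset( $server['PHP_AUTH_USER'] );
}

/** Guard extended as the ticket proposes: both variables must be present. */
function guard_extended( array $server ): bool {
    return isset( $server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] );
}

/** Stand-in for the authentication call; reports whether a password was available. */
function attempt_auth( array $server ): string {
    $user = $server['PHP_AUTH_USER'];
    $pw   = $server['PHP_AUTH_PW'] ?? null;

    return null === $pw
        ? "auth called for '$user' with an undefined password"
        : "auth called for '$user' with a password";
}

// Constructed request environments, modelled on the cases the ticket describes.
$environments = array(
    'no auth data'       => array(),
    'SSO sets user only' => array( 'PHP_AUTH_USER' => 'jdoe' ),
    'HTTP Basic auth'    => array(
        'PHP_AUTH_USER' => 'jdoe',
        'PHP_AUTH_PW'   => 'constructed sample value',
    ),
);

foreach ( $environments as $label => $server ) {
    foreach ( array( 'guard_as_reported', 'guard_extended' ) as $guard ) {
        $result = $guard( $server )
            ? attempt_auth( $server )
            : 'skipped, input user returned unchanged';
        printf( "%-20s %-18s %s\n", $label, $guard, $result );
    }
}
```

The two guards differ only in the "SSO sets user only" row, which is the Shibboleth case the reporter describes.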