From e47b150805aebae6640377a54ab48235ba4fb04b Mon Sep 17 00:00:00 2001 From: bohwaz Date: Tue, 22 Nov 2022 15:10:03 +0000 Subject: [PATCH] Always ask for auth when anonymous read and write is disabled FossilOrigin-Name: e977a431246b2cbe13d6795c6201f24cfe770113d7a1f223b80400090e4d74e3 --- index.php | 32 ++++++++++++++++++++++++-------- server.php | 28 ++++++++++++++++++++++------ 2 files changed, 46 insertions(+), 14 deletions(-) diff --git a/index.php b/index.php index ee4fef4..ca693e5 100644 --- a/index.php +++ b/index.php @@ -1784,14 +1784,30 @@ namespace PicoDAV return $out; } - function error(WebDAV_Exception $e) + public function route(?string $uri = null): bool + { + if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) { + $this->requireAuth(); + return true; + } + + return parent::route($uri); + } + + protected function requireAuth(): void + { + if ($this->storage->auth()) { + return; + } + + http_response_code(401); + header('WWW-Authenticate: Basic realm="Please login"'); + echo '

Error 401

You need to login to access this.

'; + } + + public function error(WebDAV_Exception $e) { if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) { - $user = $_SERVER['PHP_AUTH_USER'] ?? null; - - http_response_code(401); - header('WWW-Authenticate: Basic realm="Please login"'); - echo '

Error 401

You need to login to access this.

'; return; } @@ -1851,11 +1867,11 @@ RewriteRule ^.*$ /index.php [END] $fp = fopen(__FILE__, 'r'); if ($relative_uri == '.webdav/webdav.js') { - fseek($fp, 49803, SEEK_SET); + fseek($fp, 50046, SEEK_SET); echo fread($fp, 27769); } else { - fseek($fp, 49803 + 27769, SEEK_SET); + fseek($fp, 50046 + 27769, SEEK_SET); echo fread($fp, 6988); } diff --git a/server.php b/server.php index 0c394a0..8fe4a72 100644 --- a/server.php +++ b/server.php @@ -508,14 +508,30 @@ namespace PicoDAV return $out; } - function error(WebDAV_Exception $e) + public function route(?string $uri = null): bool + { + if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) { + $this->requireAuth(); + return true; + } + + return parent::route($uri); + } + + protected function requireAuth(): void + { + if ($this->storage->auth()) { + return; + } + + http_response_code(401); + header('WWW-Authenticate: Basic realm="Please login"'); + echo '

Error 401

You need to login to access this.

'; + } + + public function error(WebDAV_Exception $e) { if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) { - $user = $_SERVER['PHP_AUTH_USER'] ?? null; - - http_response_code(401); - header('WWW-Authenticate: Basic realm="Please login"'); - echo '

Error 401

You need to login to access this.

'; return; }