Always ask for auth when anonymous read and write is disabled

FossilOrigin-Name: e977a431246b2cbe13d6795c6201f24cfe770113d7a1f223b80400090e4d74e3
bohwaz 2022-11-22 15:10:03 +00:00
parent 971424b0cf
commit e47b150805
2 changed files with 46 additions and 14 deletions


@ -1784,14 +1784,30 @@ namespace PicoDAV
return $out; return $out;
} }
function error(WebDAV_Exception $e) public function route(?string $uri = null): bool
{ {
if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) { if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) {
$user = $_SERVER['PHP_AUTH_USER'] ?? null; $this->requireAuth();
return true;
}
return parent::route($uri);
}
protected function requireAuth(): void
{
if ($this->storage->auth()) {
return;
}
http_response_code(401); http_response_code(401);
header('WWW-Authenticate: Basic realm="Please login"'); header('WWW-Authenticate: Basic realm="Please login"');
echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>'; echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
}
public function error(WebDAV_Exception $e)
{
if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) {
return; return;
} }
@ -1851,11 +1867,11 @@ RewriteRule ^.*$ /index.php [END]
$fp = fopen(__FILE__, 'r'); $fp = fopen(__FILE__, 'r');
if ($relative_uri == '.webdav/webdav.js') { if ($relative_uri == '.webdav/webdav.js') {
fseek($fp, 49803, SEEK_SET); fseek($fp, 50046, SEEK_SET);
echo fread($fp, 27769); echo fread($fp, 27769);
} }
else { else {
fseek($fp, 49803 + 27769, SEEK_SET); fseek($fp, 50046 + 27769, SEEK_SET);
echo fread($fp, 6988); echo fread($fp, 6988);
} }
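Review bot: In the new `route()` in the first hunk, `return true;` follows `$this->requireAuth();` unconditionally, and `requireAuth()` is `void` and simply returns when `$this->storage->auth()` succeeds, so with both ANONYMOUS_READ and ANONYMOUS_WRITE off an authenticated request also stops before `parent::route($uri)` and is never served. Guard on the auth result instead, e.g. `if (!ANONYMOUS_WRITE && !ANONYMOUS_READ && !$this->storage->auth()) {`, or have `requireAuth()` return a bool that `route()` checks. As rendered, the new `error()` also just returns on an unauthenticated 403 without calling `requireAuth()`, so when only one of the two flags is off the client appears to get neither the 401 status nor the `WWW-Authenticate` challenge; a `$this->requireAuth();` before that `return;` would restore it. The same code appears in the second file section, and `error()` continues past the end of the hunk.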


@ -508,14 +508,30 @@ namespace PicoDAV
return $out; return $out;
} }
function error(WebDAV_Exception $e) public function route(?string $uri = null): bool
{ {
if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) { if (!ANONYMOUS_WRITE && !ANONYMOUS_READ) {
$user = $_SERVER['PHP_AUTH_USER'] ?? null; $this->requireAuth();
return true;
}
return parent::route($uri);
}
protected function requireAuth(): void
{
if ($this->storage->auth()) {
return;
}
http_response_code(401); http_response_code(401);
header('WWW-Authenticate: Basic realm="Please login"'); header('WWW-Authenticate: Basic realm="Please login"');
echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>'; echo '<h2>Error 401</h2><h1>You need to login to access this.</h1>';
}
public function error(WebDAV_Exception $e)
{
if ($e->getCode() == 403 && !$this->storage->auth() && count($this->storage->users)) {
return; return;
} }