From b2665af72cdba76ca409b7e00e150746f2f83ced Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Mon, 27 Dec 2010 22:53:18 +0100
Subject: [PATCH] Handle renamed authorization variables

Sometimes (when using rewriting with the workaround for CGI mode
described at
http://www.besthostratings.com/articles/http-auth-php-cgi.html) the
HTTP_AUTHORIZATION variable is renamed, this change detects this
renaming and uses the renamed variable.
---
 inc/auth.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/inc/auth.php b/inc/auth.php
index 5cdcec830..38d1c925d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -70,6 +70,12 @@ function auth_setup(){
     $_REQUEST['http_credentials'] = false;
     if (!$conf['rememberme']) $_REQUEST['r'] = false;
 
+    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
+    // the one presented at
+    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
+    // for enabling HTTP authentication with CGI/SuExec)
+    if(isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
+        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
     // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
     if(isset($_SERVER['HTTP_AUTHORIZATION'])){
         list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) =
-- 
GitLab