diff --git a/ChangeLog b/ChangeLog index c8fd4113..ba907cf7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2013-03-23 Christoph Anton Mitterer + * Handle the content of the CGI AUTH_TYPE variable case-insensitively as + defined by RFC 3875 Section 4.1.1. + 2013-03-21 Christoph Anton Mitterer * Changed the pathnames of the debug files to be a bit more FHS compliant. diff --git a/debian/changelog b/debian/changelog index c8c52dcf..ed742c3b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ davical (1.1.2-1) unstable; urgency=low - * New upstream release (closes:#702403, #703290, #703387) + * New upstream release (closes:#702403, #703290, #703383, #703387) * Updated the control file Vcs-* fields to the new addresses of the canonical git upstream repository. diff --git a/inc/HTTPAuthSession.php b/inc/HTTPAuthSession.php index 7cb07356..cee5d0b4 100644 --- a/inc/HTTPAuthSession.php +++ b/inc/HTTPAuthSession.php @@ -114,10 +114,10 @@ class HTTPAuthSession { else if ( isset($c->authenticate_hook['server_auth_type']) && isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) { if ( ( is_array($c->authenticate_hook['server_auth_type']) - && in_array($_SERVER['AUTH_TYPE'], $c->authenticate_hook['server_auth_type']) ) + && in_array( strtolower($_SERVER['AUTH_TYPE']), array_map('strtolower', $c->authenticate_hook['server_auth_type'])) ) || ( !is_array($c->authenticate_hook['server_auth_type']) - && $c->authenticate_hook['server_auth_type'] == $_SERVER['AUTH_TYPE'] ) + && strtolower($c->authenticate_hook['server_auth_type']) == strtolower($_SERVER['AUTH_TYPE']) ) ) { /** * The authentication has happened in the server, and we should accept it.
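Review bot: Both rewritten comparisons in the inc/HTTPAuthSession.php hunk still read `$_SERVER['AUTH_TYPE']` without checking that it is set (the enclosing `else if` only tests `REMOTE_USER`), and they still compare loosely, on the branch that decides whether server-side authentication is trusted. I would normalise once with `$auth_type = isset($_SERVER['AUTH_TYPE']) ? strtolower($_SERVER['AUTH_TYPE']) : null;` and collapse the two arms into `in_array($auth_type, array_map('strtolower', (array) $c->authenticate_hook['server_auth_type']), true)`. That way a missing variable can never match and the comparison is strict. A short comment citing RFC 3875 Section 4.1.1 at the comparison would keep the reason for the lowercasing next to the code. The enclosing method starts and ends outside this hunk.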