Basic Auth uses a colon (":") to separate the username and
password values. Using the PHP 'explode' function on this
string without limiting the number of substrings returned
can truncate the user's password if it contains a colon.
By limiting the explode to 2, we get back the username and
whatever else is left as the password (hence not truncated).
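
The truncation described above, shown as an added example. This is not DAViCal's own code: the function names and the sample credentials are constructed for illustration, and the stored hash stands in for whatever the authenticator compares against.

```php
<?php
// Added example, not DAViCal code. All names below are hypothetical.

/** Decode the payload of an "Authorization: Basic <base64>" header value. */
function decode_basic(string $header): ?string {
    if (!preg_match('/^Basic\s+(\S+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);   // strict mode rejects non-base64 input
    return $decoded === false ? null : $decoded;
}

/** Before the fix: no limit, so every colon splits and the password is cut short. */
function parse_basic_unlimited(string $header): ?array {
    $decoded = decode_basic($header);
    if ($decoded === null) return null;
    $parts = explode(':', $decoded);
    if (count($parts) < 2) return null;
    return ['user' => $parts[0], 'pass' => $parts[1]];
}

/** After the fix: limit 2, so everything after the first colon is the password. */
function parse_basic_limited(string $header): ?array {
    $decoded = decode_basic($header);
    if ($decoded === null) return null;
    $parts = explode(':', $decoded, 2);
    if (count($parts) !== 2) return null;    // no colon at all: malformed credentials
    return ['user' => $parts[0], 'pass' => $parts[1]];
}

// Constructed sample: a user whose password contains colons.
$password = 'pa:ss:word';
$header   = 'Basic ' . base64_encode('alice:' . $password);
$stored   = password_hash($password, PASSWORD_DEFAULT);

foreach (['parse_basic_unlimited', 'parse_basic_limited'] as $fn) {
    $cred = $fn($header);
    printf(
        "%-22s user=%s pass=%s verifies=%s\n",
        $fn,
        $cred['user'],
        var_export($cred['pass'], true),
        password_verify($cred['pass'], $stored) ? 'yes' : 'no'
    );
}
```
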
* In places where the CGI variable REMOTE_USER is read, support alternatively
REDIRECT_REMOTE_USER, which is used by the Apache HTTPD Server instead, when a
redirect was used.
Note: This alone is not enough yet to fully support it in DAViCal. An analogous
change (commit 29ddd89baaf65bda2560e51665a2e761abef4147) is necessary in
AWL.
If output buffering is turned on, PHP can be a bit slack about sending
the data to the client before closing the connection with exit(). These
changes ensure we call ob_flush() before we leave. We call @ob_flush()
so we don't get noisy warnings when output buffering is off...
MacOS X 10.6 Addressbook cannot log in to a CardDAV account. This
is caused by a bug in Addressbook URL parsing and cannot be
fixed on the client side. To allow "user@domainname" users to
log in as "user" I created a patch which solves this problem
on the server side.
There is a new configuration option:
$c->login_append_domain_if_missing
and if it is set to 1, then the "@$c->domain_name" is appended
to the user login (before the authentication) if it does not
contain the @ character.
From 'mate' on IRC.
This is a significant refactoring, replacing the old getUserBy*()
functions with a new Principal class, and replacing the old
CalDAVPrincipal class with a new DAVPrincipal class which extends
the Principal class.
At this point all regression tests pass (again) but there could
well be issues for people who use alternative authenticators
such as LDAP, although I have endeavoured to resolve those
potential issues.
Signed-off-by: Andrew McMillan <andrew@morphoss.com>