We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 55e8473a authored by Zach Copley's avatar Zach Copley

A blank username should never be allowed.

parent 8ee8b89d
......@@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
$realm = common_config('site', 'name') . ' API';
}
if (!isset($this->auth_user_nickname) && $required) {
if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
......
......@@ -133,6 +133,11 @@ function common_munge_password($password, $id)
function common_check_user($nickname, $password)
{
// empty nickname always unacceptable
if (empty($nickname)) {
return false;
}
$authenticatedUser = false;
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment