Hacking to enable HTTP auth with PHP-CGI + Apache suExec. #13411
The hack was proposed by Matthias Blaicher (http://ur1.ca/jfz9v) to access owncloud on Webfaction servers. More information in Webfaction community support: http://ur1.ca/jg37x.
This pull request is related to issue #10318.
Thanks a lot for your contribution! Contributions to the core repo require a signed contributors agreement http://owncloud.org/contribute/agreement/ Alternatively you can add a comment here stating that this contribution is MIT licensed. Some more details about our pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/
The inspection completed: 7 new issues, 1 updated code elements
@@ -841,6 +841,13 @@ protected static function handleAuthHeaders() { | |||
break; | |||
8000 | } | ||
} | |||
|
|||
// Set HTTP auth headers for HTTP Authentication with PHP-CGI | |||
if(isset($_GET['Authorization']) && preg_match('/Basic\s+(.*)$/i', $_GET['Authorization'], $matches)) { |
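Review bot: The `isset($_GET['Authorization'])` check on the last added line takes Basic credentials from the query string inside `handleAuthHeaders()`, so every request that carries an `Authorization` GET parameter is treated as an authentication attempt, and the base64-encoded credentials end up wherever URLs are recorded (access logs, proxies, Referer headers). Consider passing the header through a server environment variable instead, for example a rewrite flag such as `[E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]` read back from `$_SERVER`, or at least gating this branch behind a configuration switch that is off by default. The `(.*)$` capture is also unbounded; restricting it to base64 characters would reject malformed values before any further processing.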
I'm honestly against doing some magical hacks that involve parsing all Authorization GET parameters globally in base.php.
That hack should get implemented as its own application instead of some magical base.php hack that might very likely lead to problems in other environments. You should create a new application and add that hack to its app.php – from my PoV this is nothing that belongs in core.
Hi, While I think the solution is safe from a security point of view, it's rather invasive for all other deployments, which is why I never pursued pushing it upstream. @LukasReschke Could this actually be done in applications? It would have to modify the way authentication works and also change .htaccess. Without ever having looked into Owncloud apps, I would not have expected them to be that invasive. Regarding licences: Since most of the solution was already circulating around previously on the net I'd consider it MIT or WTFPL. Best,
Hello, I just created the merge request after the request from @DeepDiver1975. Well, is it possible to do it as an app? If yes, please send me some information about app development for owncloud and I will try to do it. Really, I would like to stop applying this patch on each update of my owncloud instance. =) Thanks.
Let me reply to that later… – It's definitely possible to do that as app.
ping
Can one of the admins verify this patch?
@LukasReschke Yes?
👍 Would love some ideas on how to do this in an app. We could include that here: #10318
@LukasReschke will come up with an app to handle this ...
Thanks, but could you please ping this bug report when the app is released?
Any news about the app to fix it?
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |