A blank username should never be allowed.

author Zach Copley <zach@status.net>

Wed, 10 Mar 2010 03:39:05 +0000 (03:39 +0000)

committer Zach Copley <zach@status.net>

Wed, 10 Mar 2010 17:57:00 +0000 (09:57 -0800)
author Zach Copley <zach@status.net>
Wed, 10 Mar 2010 03:39:05 +0000 (03:39 +0000)
committer Zach Copley <zach@status.net>
Wed, 10 Mar 2010 17:57:00 +0000 (09:57 -0800)
diff --git a/lib/apiauth.php b/lib/apiauth.php

index f63c84d8f38d768e950c6b65b3b0361bbe45b989..32502399f9f836bbd2d0607440a72200e14f4cd1 100644 (file)
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
              $realm = common_config('site', 'name') . ' API';
          }
  
-        if (!isset($this->auth_user_nickname) && $required) {
+        if (empty($this->auth_user_nickname) && $required) {
              header('WWW-Authenticate: Basic realm="' . $realm . '"');
  
              // show error if the user clicks 'cancel'
diff --git a/lib/util.php b/lib/util.php

index da2799d4f92d23766c464b1e15b4c66ab6704217..5bef88ecc1f19896bcfa1cab8f8a9c7396c4ccf8 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -133,6 +133,11 @@ function common_munge_password($password, $id)
  
  function common_check_user($nickname, $password)
  {
+    // empty nickname always unacceptable
+    if (empty($nickname)) {
+        return false;
+    }
+
      $authenticatedUser = false;
  
      if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
author	Zach Copley <zach@status.net>
	Wed, 10 Mar 2010 03:39:05 +0000 (03:39 +0000)
committer	Zach Copley <zach@status.net>
	Wed, 10 Mar 2010 17:57:00 +0000 (09:57 -0800)
lib/apiauth.php		patch \| blob \| history
lib/util.php		patch \| blob \| history