From: Michael <heluecht@pirati.ca>
Date: Sun, 22 Jan 2023 14:44:57 +0000 (+0000)
Subject: Fetch data from basic auth when one of the parameters is missing
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=575fb524385231961ebb49654eab0cb5d0ed2a49;p=friendica.git

Fetch data from basic auth when one of the parameters is missing
---

diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index 6f68215cc6..ecb65048d0 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -60,7 +60,7 @@ class Token extends BaseApi
 			$authorization = $_SERVER['REDIRECT_REMOTE_USER'] ?? '';
 		}
 
-		if (empty($request['client_id']) && substr($authorization, 0, 6) == 'Basic ') {
+		if ((empty($request['client_id']) || empty($request['client_secret'])) && substr($authorization, 0, 6) == 'Basic ') {
 			// Per RFC2617, usernames can't contain a colon but password can,
 			// so we cut on the first colon to obtain the username and the password
 			// @see https://www.rfc-editor.org/rfc/rfc2617#section-2