From 60009227f724e67b0205ae9eb77306107f2e4681 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Fri, 26 Mar 2010 18:51:01 +0000
Subject: [PATCH] Return an http auth error, when a client sends in an invalid
 auth user, even when http auth is not required.

---
 lib/apiauth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/apiauth.php b/lib/apiauth.php
index 17f803a1ca..e78de618ee 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -267,7 +267,7 @@ class ApiAuthAction extends ApiAction
 
             $this->access = self::READ_WRITE;
 
-            if (empty($this->auth_user) && $required) {
+            if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
 
                 // basic authentication failed
 
-- 
2.39.2