From b82e55356d4ea306b1069ba5acc8878ce18c2abc Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 26 Mar 2010 18:51:01 +0000 Subject: [PATCH] Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required. --- lib/apiauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/apiauth.php b/lib/apiauth.php index 17f803a1ca..e78de618ee 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -267,7 +267,7 @@ class ApiAuthAction extends ApiAction $this->access = self::READ_WRITE; - if (empty($this->auth_user) && $required) { + if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) { // basic authentication failed -- 2.39.5