You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/03/17 18:58:31 UTC

svn commit: r1457504 - /httpd/httpd/trunk/modules/aaa/mod_auth_basic.c

Author: minfrin
Date: Sun Mar 17 17:58:30 2013
New Revision: 1457504

URL: http://svn.apache.org/r1457504
Log:
Remove the Authorization header should either the username or the password
resolve to an empty string.

Modified:
    httpd/httpd/trunk/modules/aaa/mod_auth_basic.c

Modified: httpd/httpd/trunk/modules/aaa/mod_auth_basic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_basic.c?rev=1457504&r1=1457503&r2=1457504&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_auth_basic.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_auth_basic.c Sun Mar 17 17:58:30 2013
@@ -376,6 +376,9 @@ static int authenticate_basic_fake(reque
     if (!user || !*user) {
         ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02458)
                       "AuthBasicFake: empty username expression for URI '%s', ignoring", r->uri);
+
+        apr_table_unset(r->headers_in, "Authorization");
+
         return DECLINED;
     }
 
@@ -388,6 +391,9 @@ static int authenticate_basic_fake(reque
     if (!pass || !*pass) {
         ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02459)
                       "AuthBasicFake: empty password expression for URI '%s', ignoring", r->uri);
+
+        apr_table_unset(r->headers_in, "Authorization");
+
         return DECLINED;
     }