Skip to content

Commit

Permalink
Merge branch 'release-2.2' into develop
Browse files Browse the repository at this point in the history
* release-2.2:
  Prevent empty HTTP_MODAUTH from succeeding
  • Loading branch information
opengeek committed Jun 4, 2013
2 parents 84f3012 + c0f7266 commit a0c3527
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions core/docs/changelog.txt
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ development release, and is only shown to give an idea of what's currently in th

MODX Revolution 2.2.8-pl (June 4, 2013)
====================================
- Prevent empty HTTP_MODAUTH from succeeding
- [#9450] Prevent non-existent Context initialization
- [#9896] Improve performance of modTemplateVar::getRenderDirectories()
- [#9859] Prevent conditional output filter recursion
Expand Down
4 changes: 2 additions & 2 deletions core/model/modx/modconnectorresponse.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ function __construct(modX & $modx) {
*
* {@inheritdoc}
*/
public function outputContent(array $options = array()) {
public function outputContent(array $options = array()) {
/* variable pointer for easier access */
$modx =& $this->modx;

Expand All @@ -96,7 +96,7 @@ public function outputContent(array $options = array()) {
$isLogin = $target == 'login';

/* ensure headers are sent for proper authentication */
if (!$isLogin && !isset($_SERVER['HTTP_MODAUTH']) && !isset($_REQUEST['HTTP_MODAUTH'])) {
if (!$isLogin && !isset($_SERVER['HTTP_MODAUTH']) && (!isset($_REQUEST['HTTP_MODAUTH']) || empty($_REQUEST['HTTP_MODAUTH']))) {
$this->responseCode = 401;
$this->body = $modx->error->failure($modx->lexicon('access_denied'),array('code' => 401));

Expand Down

0 comments on commit a0c3527

Please sign in to comment.