[wp-trac] [WordPress Trac] #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
WordPress Trac
noreply at wordpress.org
Wed Dec 9 20:24:44 UTC 2020
#52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
-----------------------------------+-----------------------------
Reporter: MadtownLems | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Application Passwords | Version: 5.6
Severity: normal | Keywords:
Focuses: |
-----------------------------------+-----------------------------
wp_validate_application_password only checks for the existence of
$_SERVER['PHP_AUTH_USER'] before calling
wp_authenticate_application_password with both $_SERVER['PHP_AUTH_USER']
and $_SERVER['PHP_AUTH_PW'].
In our environment (using Shibboleth-powered Single Sign-on),
$_SERVER['PHP_AUTH_USER'] is already set, but $_SERVER['PHP_AUTH_PW'] is
not defined.
I believe that this section:
// Check that we're trying to authenticate
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
return $input_user;
}
should likely be extended to confirm the presence of both variables before
calling wp_authenticate_application_password.
(Of course, I'm also now worried about what other problems we'll run into
using PHP_AUTH_USER the way we are, but that's for another day!)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52003>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list