A blank username should never be allowed.
This commit is contained in:
parent
8ee8b89dd8
commit
55e8473a7a
|
@ -241,7 +241,7 @@ class ApiAuthAction extends ApiAction
|
|||
$realm = common_config('site', 'name') . ' API';
|
||||
}
|
||||
|
||||
if (!isset($this->auth_user_nickname) && $required) {
|
||||
if (empty($this->auth_user_nickname) && $required) {
|
||||
header('WWW-Authenticate: Basic realm="' . $realm . '"');
|
||||
|
||||
// show error if the user clicks 'cancel'
|
||||
|
|
|
@ -133,6 +133,11 @@ function common_munge_password($password, $id)
|
|||
|
||||
function common_check_user($nickname, $password)
|
||||
{
|
||||
// empty nickname always unacceptable
|
||||
if (empty($nickname)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$authenticatedUser = false;
|
||||
|
||||
if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
|
||||
|
|
Loading…
Reference in New Issue
Block a user