Browse Source

[mod_auth] skip blank lines and comment lines (fixes #2327)

x-ref:
  "Ignore comments and empty lines in ht{digest,passwd} files"
  https://redmine.lighttpd.net/issues/2327
personal/stbuehler/mod-csrf-old
Glenn Strauss 5 years ago
parent
commit
b47c393e26
  1. 6
      src/http_auth.c
  2. 2
      tests/lighttpd.htpasswd

6
src/http_auth.c

@ -86,6 +86,9 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *
char *f_pwd, *f_realm;
size_t u_len, r_len;
/* skip blank lines and comment lines (beginning '#') */
if (f_user[0] == '#' || f_user[0] == '\n' || f_user[0] == '\0') continue;
/*
* htdigest format
*
@ -153,6 +156,9 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *
char *f_pwd;
size_t u_len;
/* skip blank lines and comment lines (beginning '#') */
if (f_user[0] == '#' || f_user[0] == '\n' || f_user[0] == '\0') continue;
/*
* htpasswd format
*

2
tests/lighttpd.htpasswd

@ -1,4 +1,6 @@
# some comment
des:12tMnfw882VDQ
md5:$1$md5$kIa7Juuiv8zja0ILQPR36/
sha:{SHA}2PRZAyDhNDqRW2OUFwZQqPNdaSY=
apr-md5:$apr1$w2kLqmDN$uMe8ZCfMRT81wf43Y1hny0
Loading…
Cancel
Save