wp_populate_basic_auth_from_authorization_header() WordPress Function
The wp_populate_basic_auth_from_authorization_header() function is used to populate the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables from the Authorization header. This is used for HTTP Basic Authentication.
wp_populate_basic_auth_from_authorization_header() #
Populates the Basic Auth server details from the Authorization header.
Description
Some servers running in CGI or FastCGI mode don’t pass the Authorization header on to WordPress. If it’s been rewritten to the HTTP_AUTHORIZATION
header, fill in the proper $_SERVER variables instead.
Source
File: wp-includes/load.php
102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 | function wp_populate_basic_auth_from_authorization_header() { // If we don't have anything to pull from, return early. if ( ! isset( $_SERVER [ 'HTTP_AUTHORIZATION' ] ) && ! isset( $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ] ) ) { return ; } // If either PHP_AUTH key is already set, do nothing. if ( isset( $_SERVER [ 'PHP_AUTH_USER' ] ) || isset( $_SERVER [ 'PHP_AUTH_PW' ] ) ) { return ; } // From our prior conditional, one of these must be set. $header = isset( $_SERVER [ 'HTTP_AUTHORIZATION' ] ) ? $_SERVER [ 'HTTP_AUTHORIZATION' ] : $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ]; // Test to make sure the pattern matches expected. if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i' , $header ) ) { return ; } // Removing `Basic ` the token would start six characters in. $token = substr ( $header , 6 ); $userpass = base64_decode ( $token ); list( $user , $pass ) = explode ( ':' , $userpass ); // Now shove them in the proper keys where we're expecting later on. $_SERVER [ 'PHP_AUTH_USER' ] = $user ; $_SERVER [ 'PHP_AUTH_PW' ] = $pass ; } |
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
Version | Description |
---|---|
5.6.0 | Introduced. |