Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required.
This commit is contained in:
parent
c905d7e9a0
commit
379df1ce3e
@ -267,7 +267,7 @@ class ApiAuthAction extends ApiAction
|
||||
|
||||
$this->access = self::READ_WRITE;
|
||||
|
||||
if (empty($this->auth_user) && $required) {
|
||||
if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
|
||||
|
||||
// basic authentication failed
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user