Skip to content

Commit

Permalink
fix: Authorization header can be an empty string
Browse files Browse the repository at this point in the history 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
  • Loading branch information
@juliushaertl
juliushaertl committed Jun 27, 2024
1 parent 00aa8f5 commit cd3cad0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion apps/dav/lib/Connector/Sabre/Auth.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ private function auth(RequestInterface $request, ResponseInterface $response): a
//Fix for broken webdav clients
($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
//Well behaved clients that only send the cookie are allowed
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null) ||
($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && empty($request->getHeader('Authorization'))) ||

Check notice

Code scanning / Psalm

PossiblyNullReference Note

Cannot call method getUID on possibly null value

Check notice

Code scanning / Psalm

RiskyTruthyFalsyComparison Note

Operand of type null|string contains type string, which can be falsy and truthy. This can cause possibly unexpected behavior. Use strict comparison instead.
\OC_User::handleApacheAuth()
) {
$user = $this->userSession->getUser()->getUID();
Expand Down

0 comments on commit cd3cad0

Please sign in to comment.