getCredentials returns null if incomplete.

If the colon is missing (in `user:password`), `getCredentials` will return an array of one value instead of null whereas this is incorrect. We then check that the credentials form a pair of two values.
sabre-io · Mar 19, 2015 · c0a71ac · c0a71ac
1 parent c759b9d
commit c0a71ac
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/lib/Auth/Basic.php b/lib/Auth/Basic.php
@@ -37,7 +37,13 @@ function getCredentials() {
             return null;
         }
 
-        return explode(':',base64_decode(substr($auth, 6)), 2);
+        $credentials = explode(':',base64_decode(substr($auth, 6)), 2);
+
+        if (2 !== count($credentials)) {
+            return null;
+        }
+
+        return $credentials;
 
     }