aboutsummaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorSimon McVittie <smcv@debian.org>2017-05-14 14:44:43 +0100
committerSimon McVittie <smcv@debian.org>2017-05-14 15:37:45 +0100
commit31c89db246a2e4704e3d4c3784c5406fbd084bb6 (patch)
tree7b70561571723693e4f3ab1d7f0d59ac447829c9 /debian
parent59daf36cb2dfa289814fd89778f6c0000b6d870a (diff)
downloadikiwiki-31c89db246a2e4704e3d4c3784c5406fbd084bb6.tar
ikiwiki-31c89db246a2e4704e3d4c3784c5406fbd084bb6.tar.gz
httpauth: If REMOTE_USER is empty, behave as though it was unset
A frequently cut-and-pasted HTTP basic authentication configuration for nginx sets it to the empty string when not authenticated, which is not useful.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog3
1 files changed, 3 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index d3576c528..005c811d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ ikiwiki (3.20170112) UNRELEASED; urgency=medium
* t/git-cgi.t: Wait 1 second before doing a revert that should work.
This hopefully fixes a race condition in which the test failed
around 6% of the time. (Closes: 862494)
+ * Guard against set-but-empty REMOTE_USER CGI variable on
+ misconfigured nginx servers, and in general treat sessions with
+ a set-but-empty name as if they were not signed in.
-- Simon McVittie <smcv@debian.org> Sun, 14 May 2017 15:34:52 +0100