github-mirror/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2026-03-27 23:29:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check for empty usernames in ReverseProxyAuthMiddleware (references #2843)

Browse Source
This commit is contained in:
Bernd Bestel 2026-01-13 21:02:30 +01:00
parent bf96ff5b92
commit 2a124a3d47
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
middleware/ReverseProxyAuthMiddleware.php
View File

@ -40,7 +40,7 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
else
{
$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
if (count($username) !== 1)
if (count($username) !== 1 || (count($username) === 1 && strlen($username[0]) === 0))
{
// Invalid configuration of Proxy
throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');