commit 20e37fdb3ded4749207e8cfb74a1f8aa572b289d
parent 6d2a7b9e85b978f7d1c75e709fc1e8dacf16067c
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 5 Jan 2012 21:02:21 +0000
partial fix for #2059
Diffstat:
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+Thu Jan 5 22:01:37 CET 2012
+ Partial fix for #2059, digest authentication with GET arguments. -CG
+
Thu Dec 1 15:22:57 CET 2011
Updated authorization_example.c to actually demonstrate the current
MHD API. -SG
diff --git a/src/daemon/digestauth.c b/src/daemon/digestauth.c
@@ -518,13 +518,16 @@ MHD_digest_auth_check(struct MHD_Connection *connection,
* exceeds `nonce_timeout' then the nonce is
* invalid.
*/
- if (t > nonce_time + nonce_timeout)
+ if ( (t > nonce_time + nonce_timeout) ||
+ (0 != strncmp (uri,
+ connection->url,
+ strlen (connection->url))) )
return MHD_INVALID_NONCE;
calculate_nonce (nonce_time,
connection->method,
connection->daemon->digest_auth_random,
connection->daemon->digest_auth_rand_size,
- uri,
+ connection->url,
realm,
noncehashexp);
/*
