wp_populate_basic_auth_from_authorization_header()
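Yunce documentation annotation
Overview
The wp_populate_basic_auth_from_authorization_header() function extracts the Basic Auth credentials from the HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION header and populates them into the $_SERVER variable, working around server environments in which the Authorization header is not passed through correctly.
Key points
- The function checks whether $_SERVER['HTTP_AUTHORIZATION'] or $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] exists, and returns early if neither does.
- If $_SERVER['PHP_AUTH_USER'] or $_SERVER['PHP_AUTH_PW'] is already set, the function does nothing.
- The function verifies that the header matches the Basic Auth pattern, then decodes the Base64 token to extract the username and password.
- The extracted username and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] for later use.
Code example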
```php
function wp_populate_basic_auth_from_authorization_header() {
	// If we don't have anything to pull from, return early.
	if ( ! isset( $_SERVER['HTTP_AUTHORIZATION'] ) && ! isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
		return;
	}

	// If either PHP_AUTH key is already set, do nothing.
	if ( isset( $_SERVER['PHP_AUTH_USER'] ) || isset( $_SERVER['PHP_AUTH_PW'] ) ) {
		return;
	}

	// From our prior conditional, one of these must be set.
	$header = isset( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];

	// Test to make sure the pattern matches expected.
	if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
		return;
	}

	// Removing `Basic ` the token would start six characters in.
	$token    = substr( $header, 6 );
	$userpass = base64_decode( $token );

	// There must be at least one colon in the string.
	if ( ! str_contains( $userpass, ':' ) ) {
		return;
	}

	list( $user, $pass ) = explode( ':', $userpass, 2 );

	// Now shove them in the proper keys where we're expecting later on.
	$_SERVER['PHP_AUTH_USER'] = $user;
	$_SERVER['PHP_AUTH_PW']   = $pass;
}
```
Notes
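- This function was introduced in WordPress 5.6.0, mainly to handle servers running in CGI or FastCGI mode that do not pass the Authorization header through.
- The function depends on the $_SERVER variable; make sure the relevant header information has been set correctly before it is called.
- If the Basic Auth token is malformed or decoding fails, the function returns silently without setting any $_SERVER variables.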
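The checks listed above can be exercised without touching `$_SERVER`. The following is an added example, not WordPress code: `parse_basic_auth()` is a hypothetical helper that mirrors the same steps as a side-effect-free parser, the inputs are constructed, and PHP 8.0 or later is assumed for `str_contains()`.

```php
<?php
// Added example, not WordPress code. parse_basic_auth() is a hypothetical
// helper mirroring the documented function's steps; it returns
// array( $user, $pass ) or null instead of writing to $_SERVER.
function parse_basic_auth( array $server ): ?array {
	// Credentials already supplied by the SAPI win; nothing is parsed.
	if ( isset( $server['PHP_AUTH_USER'] ) || isset( $server['PHP_AUTH_PW'] ) ) {
		return null;
	}
	// HTTP_AUTHORIZATION is preferred, REDIRECT_HTTP_AUTHORIZATION is the fallback.
	$header = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null;
	// Same pattern as the function: "Basic ", Base64 alphabet, up to two "=".
	if ( ! is_string( $header ) || ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
		return null;
	}
	$userpass = base64_decode( substr( $header, 6 ) );
	if ( false === $userpass || ! str_contains( $userpass, ':' ) ) {
		return null;
	}
	// Limit of 2: only the first colon separates user from password.
	return explode( ':', $userpass, 2 );
}

// Constructed sample inputs, one per branch of the logic.
$cases = array(
	'password with colons'   => array( 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode( 'admin:abcd:efgh 1234' ) ),
	'REDIRECT_ fallback'     => array( 'REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode( 'editor:s3cret' ) ),
	'scheme is not Basic'    => array( 'HTTP_AUTHORIZATION' => 'Bearer abc.def.ghi' ),
	'no colon after decode'  => array( 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode( 'nocolon' ) ),
	'PHP_AUTH_* already set' => array( 'PHP_AUTH_USER' => 'sapi', 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode( 'x:y' ) ),
);

foreach ( $cases as $label => $server ) {
	$result = parse_basic_auth( $server );
	printf( "%-24s %s\n", $label, null === $result ? 'ignored' : json_encode( $result ) );
}
```

Parsing succeeds for any well-formed header; nothing in these steps checks that the credentials are valid, so that remains the job of whatever reads `PHP_AUTH_USER` and `PHP_AUTH_PW` afterwards.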
Original content
Populates the Basic Auth server details from the Authorization header.
Description
Some servers running in CGI or FastCGI mode don’t pass the Authorization header on to WordPress. If it’s been rewritten to the HTTP_AUTHORIZATION header, fill in the proper $_SERVER variables instead.
Source
```php
function wp_populate_basic_auth_from_authorization_header() {
	// If we don't have anything to pull from, return early.
	if ( ! isset( $_SERVER['HTTP_AUTHORIZATION'] ) && ! isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) {
		return;
	}

	// If either PHP_AUTH key is already set, do nothing.
	if ( isset( $_SERVER['PHP_AUTH_USER'] ) || isset( $_SERVER['PHP_AUTH_PW'] ) ) {
		return;
	}

	// From our prior conditional, one of these must be set.
	$header = isset( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];

	// Test to make sure the pattern matches expected.
	if ( ! preg_match( '%^Basic [a-z\d/+]*={0,2}$%i', $header ) ) {
		return;
	}

	// Removing `Basic ` the token would start six characters in.
	$token    = substr( $header, 6 );
	$userpass = base64_decode( $token );

	// There must be at least one colon in the string.
	if ( ! str_contains( $userpass, ':' ) ) {
		return;
	}

	list( $user, $pass ) = explode( ':', $userpass, 2 );

	// Now shove them in the proper keys where we're expecting later on.
	$_SERVER['PHP_AUTH_USER'] = $user;
	$_SERVER['PHP_AUTH_PW']   = $pass;
}
```
Changelog
| Version | Description |
|---|---|
| 5.6.0 | Introduced. |