Arno0x / TwoFactorAuth

Two Factor Authentication web portal written in PHP

Preventing Nginx Auth with PHP errors #2

Closed crackedeggs1 closed 8 years ago

crackedeggs1 commented 8 years ago

These commits resolve unwanted automatic authentication of users in some cases:

Whenever a PHP error occurs, PHP sends a 200 OK response. This patch fixes that by sending the 401 response for all (catch-able) stop errors. Parse errors are not catch-able, but I have added a warning to the readme about that. This patch also includes a new debug block that should be more resilient to errors and easier to activate without causing errors. This patch also prevents auto-authentication while config.php is missing, or while the SESSION_NAME constant is broken.

Please test.

P.S. I have other fixes to add, but they are unrelated to undesired 200 responses.
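A fail-closed sketch of the behaviour described in the comment above, as an added example (not code from this pull request or from the TwoFactorAuth project). `config.php` and `SESSION_NAME` come from the comment; `CONFIG_FILE`, `deny()` and the `authenticated` session key are hypothetical names used for illustration.

```php
<?php
// Added illustration of an auth-check endpoint that denies unless a check succeeds.
// Hypothetical names: CONFIG_FILE, deny(), $_SESSION['authenticated'].
// config.php and SESSION_NAME are the names mentioned in the pull request.
const CONFIG_FILE = __DIR__ . '/config.php';

// Start from "denied": any path that ends the script early still answers 401.
http_response_code(401);

function deny(string $reason): void
{
    error_log('auth check denied: ' . $reason);
    if (!headers_sent()) {
        http_response_code(401);
    }
    exit;
}

// Fatal errors bypass normal control flow; the shutdown hook re-asserts 401.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR;
    if ($err !== null && ($err['type'] & $fatal) && !headers_sent()) {
        http_response_code(401);
    }
});

// Uncaught exceptions and Error throwables (PHP 7+) also deny.
set_exception_handler(function (Throwable $e): void {
    deny(get_class($e) . ': ' . $e->getMessage());
});

if (!is_readable(CONFIG_FILE)) {
    deny('config.php is missing');
}
require CONFIG_FILE;

if (!defined('SESSION_NAME') || !is_string(SESSION_NAME) || SESSION_NAME === '') {
    deny('SESSION_NAME is not usable');
}

session_name(SESSION_NAME);
session_start();
if (empty($_SESSION['authenticated'])) {
    deny('no authenticated session');
}

// Only an explicit, successful check produces the 200 that nginx accepts.
http_response_code(200);
```

A parse error in this file itself still prevents any of the handlers from being registered, which is the case the comment says is covered by a readme warning instead.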

crackedeggs1 commented 8 years ago

Sorry for the sudden close/reopen. Misread the diffs and for a minute there I thought a bad merge occurred. Looks good to go, though.