Index: .htaccess =================================================================== RCS file: /cvs/drupal/drupal/.htaccess,v retrieving revision 1.104 diff -u -p -r1.104 .htaccess --- .htaccess 16 Aug 2009 12:10:36 -0000 1.104 +++ .htaccess 30 Dec 2009 03:14:22 -0000 @@ -62,6 +62,9 @@ DirectoryIndex index.php index.html inde RewriteEngine on + # Support HTTP Auth when PHP is running via CGI. + RewriteRule .* - [E=HTTP_AUTH:%{HTTP:Authorization}] + # If your site can be accessed both with and without the 'www.' prefix, you # can use one of the following settings to redirect users to your preferred # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option: Index: includes/bootstrap.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v retrieving revision 1.337 diff -u -p -r1.337 bootstrap.inc --- includes/bootstrap.inc 28 Dec 2009 10:48:51 -0000 1.337 +++ includes/bootstrap.inc 30 Dec 2009 03:14:23 -0000 @@ -491,6 +491,22 @@ function drupal_environment_initialize() $_SERVER['HTTP_HOST'] = ''; } + // Ensure that HTTP Auth headers are passed to PHP running as CGI. + if (!empty($_SERVER['REDIRECT_HTTP_AUTH'])) { + // Split off the authorization type (Basic or Digest). + list($type, $content) = explode(' ', $_SERVER['REDIRECT_HTTP_AUTH'], 2); + if ($type == 'Basic') { + // Basic authentication encodes "user:password" in base64. + list($user, $password) = explode(':', base64_decode($content)); + $_SERVER['PHP_AUTH_USER'] = $user; + $_SERVER['PHP_AUTH_PW'] = $password; + } + elseif ($type == 'Digest') { + // The Digest authentication header should be passed as it is. + $_SERVER['PHP_AUTH_DIGEST'] = $content; + } + } + // Enforce E_ALL, but allow users to set levels not part of E_ALL. error_reporting(E_ALL | error_reporting());