From 4d021dc38756e71b5acf0508d528bef73c663a74 Mon Sep 17 00:00:00 2001 From: Clemens Robbenhaar Date: Wed, 22 Jul 2020 22:03:41 +0200 Subject: [PATCH] remove contingent quotes around the cookie value in case the cookie value contains separator chars and the browser follows RFC2965 in sending them, the value will be enclosed be quotes. remove the quotes before splitting the cookie value. (unescaping any quotes in the middle of the value is not done yet, however) Fixes #172
---
 share/pnp/application/models/auth_multisite.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/share/pnp/application/models/auth_multisite.php b/share/pnp/application/models/auth_multisite.php
index d4a3b41d..9d713401 100644
--- a/share/pnp/application/models/auth_multisite.php
+++ b/share/pnp/application/models/auth_multisite.php
@@ -56,7 +56,11 @@ private function checkAuthCookie($cookieName) {
 throw new Exception();
 }
- list($username, $issueTime, $cookieHash) = explode(':', $_COOKIE[$cookieName], 3);
+ $cookie = $_COOKIE[$cookieName];
+ if ($cookie[0] == '"') {
+ $cookie = trim($cookie, '"');
+ }
+ list($username, $issueTime, $cookieHash) = explode(':', $cookie, 3);
 if($this->authFile == 'htpasswd') $users = $this->loadAuthFile($this->htpasswdPath);
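Review bot: The unquoting added in checkAuthCookie is looser than the RFC 2965 case it targets: `trim($cookie, '"')` runs whenever the first character is a quote and strips every leading and trailing quote, so unbalanced or repeated quotes are accepted and several distinct cookie strings parse to the same username/issueTime/hash triple. For an authentication cookie it is safer to accept exactly one enclosing pair and leave anything else untouched, e.g. `if (strlen($cookie) >= 2 && $cookie[0] === '"' && substr($cookie, -1) === '"') { $cookie = substr($cookie, 1, -1); }`. `$_COOKIE[$cookieName]` can also arrive as an array when the client sends a bracketed cookie name, so an `is_string($cookie)` check before indexing would route malformed input to the existing `throw new Exception()` path; the guard above the hunk may already cover the empty-string case, but it is not visible here. The function body starts and ends outside the hunk, so how `$cookieHash` is verified afterwards cannot be confirmed from this patch.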