Actually, this just got reverted from 1.2.x - I think you'll find this actually breaks 'HTTP AUTH', and that there is confusion behind additional auth types that need to come as part of auth plugins and 'HTTP AUTH'

auth_prepare_password + auth_prepare_username set the username/password that "http auth" deals with - therefore auth_password_match needs to check the password matches, else it's a security risk.

Paul


On Wed, May 15, 2013 at 10:58 AM, GitHub <noreply@github.com> wrote:
  Branch: refs/heads/master-1.2.x
  Home:   https://github.com/mantisbt/mantisbt
  Commit: 4775bff79d4976707e156e18280fa9b83879450d
      https://github.com/mantisbt/mantisbt/commit/4775bff79d4976707e156e18280fa9b83879450d
  Author: Damien Regad <dregad@mantisbt.org>
  Date:   2013-05-15 (Wed, 15 May 2013)

  Changed paths:
    M core/authentication_api.php

  Log Message:
  -----------
  Do not display login dialog when using HTTP_AUTH

Fixes #11084




------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
mantisbt-cvs mailing list
mantisbt-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mantisbt-cvs