From 1b3e655f89e233c27d36c8618ef37dd820c580f6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 23 May 2022 08:42:16 +0300
Subject: [PATCH] use CURLAUTH_BASIC by default for password-protected feeds,
 keeping CURLAUTH_ANY as a fallback in case we got a 403.

---
 classes/urlhelper.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/classes/urlhelper.php b/classes/urlhelper.php
index 92e7f90df..bb51f5d06 100644
--- a/classes/urlhelper.php
+++ b/classes/urlhelper.php
@@ -353,7 +353,7 @@ class UrlHelper {
 			curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
 			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 			curl_setopt($ch, CURLOPT_HEADER, true);
-			curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
+			curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 			curl_setopt($ch, CURLOPT_USERAGENT, $useragent ? $useragent : Config::get_user_agent());
 			curl_setopt($ch, CURLOPT_ENCODING, "");
 			curl_setopt($ch, CURLOPT_COOKIEJAR, "/dev/null");
@@ -393,6 +393,15 @@ class UrlHelper {
 				curl_setopt($ch, CURLOPT_USERPWD, "$login:$pass");
 
 			$ret = @curl_exec($ch);
+			$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+			// CURLAUTH_BASIC didn't work, let's retry with CURLAUTH_ANY in case it's actually something
+			// unusual like NTLM...
+			if ($http_code == 403 && $login && $pass) {
+				curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
+
+				$ret = @curl_exec($ch);
+			}
 
 			if (curl_errno($ch) === 23 || curl_errno($ch) === 61) {
 				curl_setopt($ch, CURLOPT_ENCODING, 'none');
-- 
GitLab