From a57f2cf744b3d46953561f02039e75c06a8cf775 Mon Sep 17 00:00:00 2001
From: "Arnout Vandecappelle (Essensium/Mind)"
Date: Fri, 3 Dec 2010 13:16:34 +0100
Subject: [PATCH] Do authentication before trying NEW_REQUEST callback.
---
 mongoose.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mongoose.c b/mongoose.c
index 94246ac8..a3c8a142 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -3227,10 +3227,10 @@ static void handle_request(struct mg_connection *conn) {
  convert_uri_to_file_name(conn, ri->uri, path, sizeof(path));
  DEBUG_TRACE(("%s", ri->uri));
- if (call_user(conn, MG_NEW_REQUEST) != NULL) {
- // Do nothing, callback has served the request
- } else if (!check_authorization(conn, path)) {
+ if (!check_authorization(conn, path)) {
  send_authorization_request(conn);
+ } else if (call_user(conn, MG_NEW_REQUEST) != NULL) {
+ // Do nothing, callback has served the request
  } else if (strstr(path, PASSWORDS_FILE_NAME)) {
  // Do not allow to view passwords files
  send_http_error(conn, 403, "Forbidden", "Access Forbidden");
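Review bot: The reordered chain in handle_request still decides authorization from `path`, the file name that convert_uri_to_file_name derived from the URI, so a URI served purely by the MG_NEW_REQUEST callback is presumably protected only when its mapped location happens to fall under a passwords file (check_authorization is not visible here, so this is inferred and worth confirming). The new order also means the callback never sees a request that failed authorization, which changes behaviour for embedders that served public endpoints or did their own authentication or failed-login logging in the callback. Both points deserve a comment above the chain, for example `// Authorization runs before MG_NEW_REQUEST: callbacks only see requests that passed check_authorization() on the mapped file path`, and a sentence in the commit message. The body of handle_request starts and ends outside this hunk.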