Handle misconfigured password and destination folder.

Note that the API is a little weird for this.
PhotoBackup/api#2

Author: Zegnat

CHANGELOG.md

@@ -5,6 +5,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [Unreleased]
 ### Added
 - This CHANGELOG file.
+- Handle misconfigured password and destination folder.
 
 ### Changed
 - Handle duplicate files in the same way as the Python implementation, adding

index.php

@@ -57,6 +57,19 @@
     exit();
 }
 
+/**
+ * Double check if a password has been configured. If there has not and we are
+ * testing the server, exit with HTTP code 401. Otherwise treat it as an empty
+ * string.
+ */
+if (!isset($Password) || !is_string($Password)) {
+    if ($testing) {
+        header($protocol . ' 401 Unauthorized');
+        exit();
+    }
+    $Password = '';
+}
+
 /**
  * If the client did not submit a password, or the submitted password did not
  * match this server's password, exit with HTTP code 403.
@@ -70,10 +83,12 @@
 }
 
 /**
- * If the upload destination folder does not exist or is not writable by PHP,
- * exit with HTTP code 500.
+ * If the upload destination folder has not been configured, does not exist, or
+ * is not writable by PHP, exit with HTTP code 500.
  */
 if (
+    !isset($MediaRoot) ||
+    !is_string($MediaRoot) ||
     !file_exists($MediaRoot) ||
     !is_dir($MediaRoot) ||
     !is_writable($MediaRoot)