dgaudet 98/01/19 16:07:23
Modified: . STATUS src CHANGES src/main http_protocol.c Log: basic auth token should be tested case-insensitive PR: 1666 Submitted by: [EMAIL PROTECTED] Reviewed by: Dean Gaudet, Martin Kraemer, Ken Coar Revision Changes Path 1.98 +1 -0 apachen/STATUS Index: STATUS =================================================================== RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- STATUS 1998/01/18 10:36:57 1.97 +++ STATUS 1998/01/20 00:07:18 1.98 @@ -87,6 +87,7 @@ * Martin's [PORT] Make apache compile & run on an EBCDIC mainframe * Martin's [PATCH] mod_speling [300] Multiple Choices bug (Take 2) * Dean's [PATCH] protect the environment + * general/1666: Apache uses a case sensitive match for "Basic" auth scheme Available Patches: 1.567 +3 -0 apachen/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.566 retrieving revision 1.567 diff -u -r1.566 -r1.567 --- CHANGES 1998/01/14 21:01:06 1.566 +++ CHANGES 1998/01/20 00:07:20 1.567 @@ -1,5 +1,8 @@ Changes with Apache 1.3b4 + *) "basic" auth needs a case-insensitive comparison. + [EMAIL PROTECTED] PR#1666 + *) For maximum portability, the environment passed to CGIs should only contain variables whose names match the regex /[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping 1.175 +1 -1 apachen/src/main/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v retrieving revision 1.174 retrieving revision 1.175 diff -u -r1.174 -r1.175 --- http_protocol.c 1998/01/13 23:11:12 1.174 +++ http_protocol.c 1998/01/20 00:07:22 1.175 @@ -943,7 +943,7 @@ return AUTH_REQUIRED; } - if (strcmp(getword(r->pool, &auth_line, ' '), "Basic")) { + if (strcasecmp(getword(r->pool, &auth_line, ' '), "Basic")) { /* Client tried to authenticate using wrong auth scheme */ aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "client used wrong authentication scheme: %s", r->uri);