ID:               49144
 Updated by:       dmi...@php.net
 Reported By:      david dot zuelke at bitextender dot com
-Status:           Open
+Status:           Assigned
 Bug Type:         SOAP related
 Operating System: Mac OS X 10.5.7
 PHP Version:      5.3.0
-Assigned To:      
+Assigned To:      dmitry


Previous Comments:
------------------------------------------------------------------------

[2009-08-03 16:32:54] david dot zuelke at bitextender dot com

Description:
------------
Say I have a webservice at foo.com, described by http://foo.com/wsdl, 
and it's protected by HTTP Basic Authentication.

If this WSDL inside the XML Schema definitions imports another schema 
from a different host, then the HTTP Basic Authentication credentials 
will be transmitted to this host, too, resulting in the credentials 
being inadvertently leaked to a third party.

An example is the importing of W3C's XML schema located at 
http://www.w3.org/2001/xml.xsd

The original issue was reported on the s...@lists.php.net list and 
brought to internals@'s attention here: 
http://thread.gmane.org/gmane.comp.php.devel/58024

Reproduce code:
---------------
.phpt: http://pastie.org/569897



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=49144&edit=1

Reply via email to