Edit report at https://bugs.php.net/bug.php?id=60056&edit=1
ID: 60056 Updated by: cataphr...@php.net Reported by: david dot gero at ec dot gc dot ca Summary: Basic authorization crashes Windows CLI web server -Status: Open +Status: Feedback Type: Bug Package: Built-in web server Operating System: Windows XP PHP Version: 5.4.0beta1 Block user comment: N Private report: N New Comment: Please try using this snapshot: http://snaps.php.net/php5.4-latest.tar.gz For Windows: http://windows.php.net/snapshots/ This appears to have already been fixed. Previous Comments: ------------------------------------------------------------------------ [2011-10-13 20:33:30] david dot gero at ec dot gc dot ca Package: should be PHP built-in web server related ------------------------------------------------------------------------ [2011-10-13 20:10:14] david dot gero at ec dot gc dot ca The second error probably happens on lines 1766 and 1869 of sapi/cli/php_cli_server.c where you are using Z_STRVAL_PP(val) instead of just *val request.headers are strings, not Z_STRs Look at the other examples of zend_hash_find in php_cli_server.c ------------------------------------------------------------------------ [2011-10-13 19:13:29] david dot gero at ec dot gc dot ca The first error happens at line 805 of main/SAPI.c ------------------------------------------------------------------------ [2011-10-13 16:45:34] david dot gero at ec dot gc dot ca Sigh. Your bug system wouldn't let me upload the PHP file, saying it was "text/x-php", which apparently isn't text. So here it is: <?php /*! \file basic-auth-test.php * \brief Test that basic authorization works even if web server doesn't do it */ function doauthreq() { header('WWW-Authenticate: Basic realm="Admin Area"'); header((isset($_SERVER["SERVER_PROTOCOL"]) ? $_SERVER["SERVER_PROTOCOL"] : 'HTTP/1.0') . ' 401 Unauthorized'); ?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> <?php if (isset($_SERVER['SERVER_SIGNATURE'])) echo '<hr>', PHP_EOL, $_SERVER['SERVER_SIGNATURE'], PHP_EOL; ?> </body></html> <?php exit(); } if ((!isset($_SERVER["PHP_AUTH_USER"])) || !isset($_SERVER["PHP_AUTH_PW"])) { if (isset($_SERVER["REMOTE_USER"]) && ini_get("safe_mode")) { // web server did authentication, but safe_mode is hiding PHP_AUTH_PW $php_auth_user = preg_replace('/[^[:alnum:]\\xC0-\\xD6\\xD8-\\xF6\\xF8-\\xFF @.\'_-]+/', '', $_SERVER["REMOTE_USER"]); $_SERVER["PHP_AUTH_USER"] = $php_auth_user; $_SERVER["PHP_AUTH_PW"] = 'testing'; } else { // web server not restricting access, request browser authentication doauthreq(); } } else if (!isset($_SERVER["REMOTE_USER"])) { // web server not restricting access, browser has responded with authentication if (strcmp($_SERVER['PHP_AUTH_PW'], 'testing') != 0) doauthreq(); } ?> <html> <head> <title>Basic Authorization Test</title> </head> <body bgcolor="white"> <h1>Basic Authorization Test</h1> <p>Success!<br /> You have been authorized as user: <?php echo $_SERVER["PHP_AUTH_USER"]; ?></p> </body> </html> ------------------------------------------------------------------------ [2011-10-13 16:37:50] david dot gero at ec dot gc dot ca Description: ------------ The attached "Patch file" is actually a PHP program that shows the problem. Command line was: php -S 127.0.0.1:8000 -t \html In a browser, goto http://localhost:8000/basic-auth-test.php 1. First error is that the browser's authorization request displays "at 0" instead of "at Admin Area", meaning the PHP CLI server is not sending the realm correctly. 2. Second error is that the PHP CLI server crashes when the browser sends the Authorization: Basic <base64 userid:password> Test script: --------------- Patch file below is test script Expected result: ---------------- Expect the PHP CLI server not to crash, and to see the following at the browser: Success! You have been authorized as user: foo Actual result: -------------- Windows PHP CLI server crashes ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60056&edit=1
