ID: 23902 Updated by: [EMAIL PROTECTED] Reported By: noxter at web dot de Status: Assigned Bug Type: CGI related Operating System: Windows 2000 PHP Version: 4.3.2 -Assigned To: shane +Assigned To: edink New Comment:
Since my testing appears to show that rfc2616_headers *DOES NOT* work with IIS/5.0, I'm reasigning this to the author of that code. However, the patch below 'fixes' the (null) problem, and properly allows full status lines to be used with the authenticate header. This bug is related to bug 19207. With rfc2616_headers=1 on IIS/5.0, the following occurs (IIS/5.0 likes rfc2616_headers=0, oposite of comments in php.ini): C:\usr\src\php43>wget -S http://localhost/auth.php43d --23:54:42-- http://localhost/auth.php43d => `auth.php43d.4' Resolving localhost... done. Connecting to localhost[127.0.0.1]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 200 OK 2 Server: Microsoft-IIS/5.0 3 Date: Tue, 03 Jun 2003 06:54:42 GMT 4 HTTP/1.0 401 Authorization Required 5 Content-type: text/html 6 X-Powered-By: PHP/4.3.3-dev 7 WWW-Authenticate: Basic realm="example" [ <=> ] 4 3.91K/s Index: main/SAPI.c =================================================================== RCS file: /repository/php4/main/SAPI.c,v retrieving revision 1.155.2.9 diff -u -d -u -r1.155.2.9 SAPI.c --- main/SAPI.c 11 Feb 2003 23:30:13 -0000 1.155.2.9 +++ main/SAPI.c 3 Jun 2003 06:48:47 -0000 @@ -456,6 +456,12 @@ static void sapi_update_response_code(int ncode TSRMLS_DC) { + /* if the status code did not change, we do not want + to change the status line, and no need to change the code */ + if (SG(sapi_headers).http_response_code == ncode) { + return; + } + if (SG(sapi_headers).http_status_line) { efree(SG(sapi_headers).http_status_line); SG(sapi_headers).http_status_line = NULL; Index: sapi/cgi/cgi_main.c =================================================================== RCS file: /repository/php4/sapi/cgi/cgi_main.c,v retrieving revision 1.190.2.37 diff -u -d -u -r1.190.2.37 cgi_main.c --- sapi/cgi/cgi_main.c 31 May 2003 17:02:01 -0000 1.190.2.37 +++ sapi/cgi/cgi_main.c 3 Jun 2003 06:48:47 -0000 @@ -303,7 +303,7 @@ if (SG(sapi_headers).http_response_code != 200) { int len; - if (rfc2616_headers) { + if (rfc2616_headers && SG(sapi_headers).http_status_line) { len = snprintf(buf, SAPI_CGI_MAX_HEADER_LENGTH, "%s\r\n", SG(sapi_headers).http_status_line); Previous Comments: ------------------------------------------------------------------------ [2003-06-02 14:12:40] [EMAIL PROTECTED] Yeah, I started on a fix for it yesterday and will look at it again tonight. Not sure who wrote the header stuff, but not checking for NULL is the problem here. ------------------------------------------------------------------------ [2003-06-02 12:42:46] [EMAIL PROTECTED] This works: <?php header("WWW-Authenticate: Basic realm=\"example\""); header("HTTP/1.0 401 Authorization Required"); ?> For Shane: Seems that when line sapi/cgi/cgi_main.c:307 is reached, the SG(sapi_headers).http_status_line is reset to NULL in line main/SAPI.c:591 (matters only when cgi.rfc2616_headers = 1). Not sure if this is bug in SAPI.c (or not even a bug) but CGI SAPI should handle this a bit better, at least by not setting that "(null)\r\n" header line. ------------------------------------------------------------------------ [2003-06-02 11:43:14] noxter at web dot de No difference. HTTP/1.0 or 1.1, the result is alike. ------------------------------------------------------------------------ [2003-06-01 21:01:55] [EMAIL PROTECTED] What if you sent it as HTTP/1.1: header("HTTP/1.1 401 Authorization Required"); Does it make any difference? ------------------------------------------------------------------------ [2003-05-30 12:16:33] noxter at web dot de The follow example failed by php as common gateway interface application. This problem is common and not specified of a server. Testing with apache, iis, devwex ... . The option cgi.rfc2616_headers = 1 is setting in the php.ini. <? header("HTTP/1.0 401 Authorization Required"); header("WWW-Authenticate: Basic realm=\"example\""); ?> the response of Server : HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Fri, 30 May 2003 17:04:01 GMT (null) Content-type: text/html X-Powered-By: PHP/4.3.2 WWW-Authenticate: Basic realm="example" the respone of CGI: (null) Content-type: text/html X-Powered-By: PHP/4.3.2 WWW-Authenticate: Basic realm="example" ... the respone correct is: HTTP/1.0 401 Authorization Required Content-type: text/html X-Powered-By: PHP/4.3.2 WWW-Authenticate: Basic realm="example" ... ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=23902&edit=1
