sesser Wed Jul 14 05:43:26 2004 EDT
Modified files:
/php-src/sapi/apache mod_php5.c
Log:
Security Fix broken! Destroyed Basic auth. Blame: me
4.3.x not affected
http://cvs.php.net/diff.php/php-src/sapi/apache/mod_php5.c?r1=1.9&r2=1.10&ty=u
Index: php-src/sapi/apache/mod_php5.c
diff -u php-src/sapi/apache/mod_php5.c:1.9 php-src/sapi/apache/mod_php5.c:1.10
--- php-src/sapi/apache/mod_php5.c:1.9 Sat Jul 10 03:46:09 2004
+++ php-src/sapi/apache/mod_php5.c Wed Jul 14 05:43:26 2004
@@ -17,7 +17,7 @@
| PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mod_php5.c,v 1.9 2004/07/10 07:46:09 andi Exp $ */
+/* $Id: mod_php5.c,v 1.10 2004/07/14 09:43:26 sesser Exp $ */
#include "php_apache_http.h"
#include "http_conf_globals.h"
@@ -485,7 +485,7 @@
tmp = uudecode(r->pool, authorization);
SG(request_info).auth_user = NULL;
tmp_user = getword_nulls_nc(r->pool, &tmp, ':');
- if (SG(request_info).auth_user) {
+ if (tmp_user) {
r->connection->user = pstrdup(r->connection->pool, tmp_user);
r->connection->ap_auth_type = "Basic";
SG(request_info).auth_user = estrdup(tmp_user);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
