Moriyoshi,

I appreciate your effort here, but it seems that while this approach is
more flexible, it is also bound to be more complicated. I have decided
to apply Philip's patch for 4.3.0.

On Sat, 21 Dec 2002, Moriyoshi Koizumi wrote:
> Ohh, it seems we have been working on the same patch simultaneously :)
> 
> Attached is my version of fix for bug #20441, which adopts a new ini entry 
> "php_auth_exposure" so that administrators can selectively expose auth 
> information to the clients regardless of safe_mode settings.
> 
> Possible values are:
> 
> - php_auth_exposure=user
>   Only PHP_AUTH_USER is exposed.
> 
> - php_auth_exposure=pw
>   Only PHP_AUTH_PW is exposed
> 
> - php_auth_exposure=user,pw
>   Both PHP_AUTH_USER and PHP_AUTH_PW are exposed
> 
> Hope this helps.
> 
> Moriyoshi
> 
> Philip Olson <[EMAIL PROTECTED]> wrote:
> 
> > 
> > Attached is a patch that essentially goes back
> > to 4.2.3 behavior except the external auth will not
> > be available with PHP in safe mode.  REMOTE_USER
> > exists regardless.  
> > 
> > It seems some people also wanted an ini option, I don't 
> > know how to do that! :)
> > 
> > References for this patch:
> >  http://bugs.php.net/20441
> >  http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132&r2=1.133
> > 
> > On a related note, I'm curious why PHP_AUTH_TYPE does
> > not exist, only the variable AUTH_TYPE does (for me).  
> > PHP_AUTH_TYPE has been documented forever, not sure if
> > it used to exist but various parts of PHP4 source make
> > it seem like it should.
> > 
> > Regards,
> > Philip Olson
> > 
> > p.s. Thanks to Wez and Steph for teaching me not to fear 
> > the source.
> > 
> > 
> > On Fri, 20 Dec 2002, Andrei Zmievski wrote:
> > 
> > > Everyone,
> > > 
> > > I have just released 4.3.0RC4. Despite the quote in my signature, I am
> > > determined to keep this one the very last final RC of the interminable
> > > 4.3.0 development cycle. Towards that end, I will closely monitor the
> > > CVS commits and revert any that do not satisfactorily explain what
> > > critical or showstopper bug they are fixing. I am aware that
> > > PHP_AUTH_USER issue raises certain concerns, but no one apparently could
> > > make a patch. If, however, one appears very soon, I may consider it a
> > > special one and apply it for 4.3.0.
> > > 
> > > -Andrei                                       http://www.gravitonic.com/
> > > 
> > > "The time from now until the completion
> > >  of the project tends to become constant." -- Douglas Hartree
> > > 
> > > -- 
> > > PHP Development Mailing List <http://www.php.net/>
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > 
> > 
> > 

> Index: main/main.c
> ===================================================================
> RCS file: /repository/php4/main/main.c,v
> retrieving revision 1.520
> diff -u -r1.520 main.c
> --- main/main.c       16 Dec 2002 15:43:52 -0000      1.520
> +++ main/main.c       21 Dec 2002 06:17:30 -0000
> @@ -112,6 +112,9 @@
>  
>  static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC);
>  
> +static PHP_INI_MH(OnUpdate_php_auth_exposure);
> +#define PHP_EXPOSE_AUTH_USER 0x0001
> +#define PHP_EXPOSE_AUTH_PW   0x0002 
>  
>  static char *short_track_vars_names[] = {
>       "_POST",
> @@ -275,6 +278,7 @@
>       STD_PHP_INI_ENTRY("output_handler",                     NULL,           
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateString, output_handler,         
>php_core_globals,       core_globals)
>       STD_PHP_INI_BOOLEAN("register_argc_argv",       "1",            
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateBool,   register_argc_argv,             
>php_core_globals,       core_globals)
>       STD_PHP_INI_BOOLEAN("register_globals",         "0",            
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateBool,   register_globals,               
>php_core_globals,       core_globals)
> +     STD_PHP_INI_ENTRY("php_auth_exposure",          "none",         
>PHP_INI_SYSTEM, OnUpdate_php_auth_exposure,     php_auth_exposure,              
>php_core_globals,       core_globals)
>  #if PHP_SAFE_MODE
>       STD_PHP_INI_BOOLEAN("safe_mode",                        "1",            
>PHP_INI_SYSTEM,         OnUpdateBool,                   safe_mode,                    
>          php_core_globals,       core_globals)
>  #else
> @@ -1191,6 +1195,7 @@
>       SG(request_info).argv=(char **)NULL;
>       PG(connection_status) = PHP_CONNECTION_NORMAL;
>       PG(during_request_startup) = 0;
> +     PG(php_auth_exposure) = 0;
>  
>       CG(zend_lineno) = 0;
>  
> @@ -1378,10 +1383,12 @@
>       }
>  
>       /* PHP Authentication support */
> -     if (SG(request_info).auth_user) {
> +     if ((PG(php_auth_exposure) & PHP_EXPOSE_AUTH_USER) &&
> +             SG(request_info).auth_user) {
>               php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user, 
>array_ptr TSRMLS_CC);
>       }
> -     if (SG(request_info).auth_password) {
> +     if ((PG(php_auth_exposure) & PHP_EXPOSE_AUTH_PW) &&
> +             SG(request_info).auth_password) {
>               php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password, 
>array_ptr TSRMLS_CC);
>       }
>  }
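Review bot: With the `php_auth_exposure` default of `"none"` from the INI-entry hunk, both conditions here are false out of the box, so scripts that perform HTTP Basic authentication themselves no longer receive `PHP_AUTH_USER` or `PHP_AUTH_PW` unless the administrator opts in; the removed lines registered them whenever the SAPI supplied a value. That is a safe default, but it is a behaviour change that should be stated in a comment above the block, for example `/* Registered only when php_auth_exposure enables the matching bit (default: none) */`. Because the mod_php4.c hunk drops the `!auth_type(r)` test, this bitmask appears to become the only thing keeping credentials for web-server-protected locations away from scripts, including under safe_mode, so the documentation of the setting should say what enabling `pw` hands to every script on the host. The enclosing function starts outside the hunk.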
> @@ -1820,6 +1827,66 @@
>  }
>  /* }}} */
>  #endif
> +
> +/* {{{ OnUpdate_php_auth_exposure */
> +static PHP_INI_MH(OnUpdate_php_auth_exposure)
> +{
> +     char *comp, *p1;
> +     int eos;
> +     long val = 0;
> +     int sp_cnt;
> +
> +     comp = NULL;
> +
> +     p1 = new_value;
> +     eos = 0;
> +
> +     do {
> +             if (*p1 == '\0') {
> +                     eos = 1;
> +             }
> +
> +             if (comp == NULL) {
> +                     if (!eos && *p1 != ' ') {
> +                             comp = p1;
> +                             sp_cnt = 0;
> +                     }
> +             } else {
> +                     if (!eos && *p1 == ' ') {
> +                             ++sp_cnt;
> +                     } else if (eos || *p1 == ',') {
> +                             if (comp != NULL) {
> +                                     int comp_len = (int)(p1 - comp) - sp_cnt;
> +                                     if (comp_len == 4 && strncasecmp(comp, "user", 
>comp_len) == 0) {
> +                                             val |= PHP_EXPOSE_AUTH_USER;
> +                                     } else if (comp_len == 2 && strncasecmp(comp, 
>"pw", comp_len) == 0) {
> +                                             val |= PHP_EXPOSE_AUTH_PW;
> +                                     }
> +                                     comp = NULL;
> +                             }
> +                     } else {
> +                             sp_cnt = 0;
> +                     }
> +             }
> +             p1++;
> +     } while (!eos);
> +
> +     {
> +             long *p;
> +             char *base;
> +#ifndef ZTS
> +             base = (char *) mh_arg2;
> +#else
> +             base = (char *) ts_resource(*((int *) mh_arg2));
> +#endif
> +
> +             p = (long *) (base+(size_t) mh_arg1);
> +
> +             *p = val;
> +     }
> +     return SUCCESS;
> +}
> +/* }}} */
>  
>  /*
>   * Local variables:
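Review bot: A comma seen while `comp == NULL` starts a new component, because the first branch skips only spaces; with a value such as `user,,pw` or `,user` the keyword after the empty element is compared with the comma still in front of it and is silently dropped. Excluding the separator there fixes it: `if (!eos && *p1 != ' ' && *p1 != ',') {`. The handler also returns `SUCCESS` for any unrecognised word, so a misspelling behaves exactly like `none` with no diagnostic; rejecting components other than `user`, `pw` and `none` with `FAILURE` would make a misconfiguration visible. `sp_cnt` is assigned only once a component starts, so `int sp_cnt = 0;` at the declaration would avoid an uninitialised-variable warning, and the inner `if (comp != NULL)` is always true in that branch.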
> Index: main/php_globals.h
> ===================================================================
> RCS file: /repository/php4/main/php_globals.h,v
> retrieving revision 1.86
> diff -u -r1.86 php_globals.h
> --- main/php_globals.h        30 Nov 2002 18:36:17 -0000      1.86
> +++ main/php_globals.h        21 Dec 2002 06:17:30 -0000
> @@ -141,6 +141,8 @@
>       zend_bool always_populate_raw_post_data;
>       
>       zend_bool report_zend_debug;
> +
> +     long php_auth_exposure; 
>  };
>  
>  
> Index: sapi/apache/mod_php4.c
> ===================================================================
> RCS file: /repository/php4/sapi/apache/mod_php4.c,v
> retrieving revision 1.148
> diff -u -r1.148 mod_php4.c
> --- sapi/apache/mod_php4.c    1 Dec 2002 03:28:21 -0000       1.148
> +++ sapi/apache/mod_php4.c    21 Dec 2002 06:17:30 -0000
> @@ -448,7 +448,6 @@
>               authorization = table_get(r->headers_in, "Authorization");
>       }
>       if (authorization
> -             && !auth_type(r)
>               && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
>               tmp = uudecode(r->pool, authorization);
>               SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');

> -- 
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php



-Andrei                                       http://www.gravitonic.com/
* My wishlist: http://www.amazon.com/exec/obidos/wishlist/2Q2DIPY7BZLSH/ *

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
