ID: 46005 User updated by: admorten at umich dot edu Reported By: admorten at umich dot edu Status: Open Bug Type: Apache2 related Operating System: Linux 2.6.21.3 PHP Version: 5.2.6 New Comment:
Patch URLs got mangled. Shortened patch names: <http://rsug.itd.umich.edu/~admorten/apache2filter_user_logging.patch> <http://rsug.itd.umich.edu/~admorten/apache2handler_user_logging.patch> Previous Comments: ------------------------------------------------------------------------ [2008-09-05 19:57:04] admorten at umich dot edu Description: ------------ The apache2 handler and filter strip the user (r->user) from the request if there's no Authorization header in the request. This breaks user logging for authorization filters like mod_auth_kerb, mod_authnz_ldap and mod_cosign, which do not use the Authorization header. The patches linked to below check to see r->user is set and ensures that the user remains attached to the request, which Apache2 can then use to log the user properly. This should fix the issues reported previously in bug #44631. The issue was partially fixed with the patch in bug #22672, but that patch continued to rely on Authorization headers, and was only applied to the apache2 handler. Patches (apply to 5.2.6): <http://rsug.itd.umich.edu/~admorten/sapi_apache2filter_user_logging_f ix.patch> <http://rsug.itd.umich.edu/~admorten/sapi_apache2handler_user_logging_ fix.patch> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46005&edit=1