ID: 49144 Updated by: dmi...@php.net Reported By: david dot zuelke at bitextender dot com -Status: Assigned +Status: Closed Bug Type: SOAP related Operating System: Mac OS X 10.5.7 PHP Version: 5.3.0 Assigned To: dmitry New Comment:
This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2009-08-17 18:23:49] s...@php.net Automatic comment from SVN on behalf of dmitry Revision: http://svn.php.net/viewvc/?view=revision&revision=287425 Log: Fixed bug #49144 (import of schema from different host transmits original authentication details) ------------------------------------------------------------------------ [2009-08-03 16:32:54] david dot zuelke at bitextender dot com Description: ------------ Say I have a webservice at foo.com, described by http://foo.com/wsdl, and it's protected by HTTP Basic Authentication. If this WSDL inside the XML Schema definitions imports another schema from a different host, then the HTTP Basic Authentication credentials will be transmitted to this host, too, resulting in the credentials being inadvertently leaked to a third party. An example is the importing of W3C's XML schema located at http://www.w3.org/2001/xml.xsd The original issue was reported on the s...@lists.php.net list and brought to internals@'s attention here: http://thread.gmane.org/gmane.comp.php.devel/58024 Reproduce code: --------------- .phpt: http://pastie.org/569897 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49144&edit=1