Edit report at https://bugs.php.net/bug.php?id=60056&edit=1
ID: 60056 Updated by: larue...@php.net Reported by: david dot gero at ec dot gc dot ca Summary: Basic authorization crashes Windows CLI web server Status: Feedback Type: Bug Package: Built-in web server Operating System: Windows XP PHP Version: 5.4.0beta1 Block user comment: N Private report: N New Comment: see #55755, fixed already, thanks Previous Comments: ------------------------------------------------------------------------ [2011-10-15 15:54:45] cataphr...@php.net Please try using this snapshot: http://snaps.php.net/php5.4-latest.tar.gz For Windows: http://windows.php.net/snapshots/ This appears to have already been fixed. ------------------------------------------------------------------------ [2011-10-13 20:33:30] david dot gero at ec dot gc dot ca Package: should be PHP built-in web server related ------------------------------------------------------------------------ [2011-10-13 20:10:14] david dot gero at ec dot gc dot ca The second error probably happens on lines 1766 and 1869 of sapi/cli/php_cli_server.c where you are using Z_STRVAL_PP(val) instead of just *val request.headers are strings, not Z_STRs Look at the other examples of zend_hash_find in php_cli_server.c ------------------------------------------------------------------------ [2011-10-13 19:13:29] david dot gero at ec dot gc dot ca The first error happens at line 805 of main/SAPI.c ------------------------------------------------------------------------ [2011-10-13 16:45:34] david dot gero at ec dot gc dot ca Sigh. Your bug system wouldn't let me upload the PHP file, saying it was "text/x-php", which apparently isn't text. So here it is: <?php /*! \file basic-auth-test.php * \brief Test that basic authorization works even if web server doesn't do it */ function doauthreq() { header('WWW-Authenticate: Basic realm="Admin Area"'); header((isset($_SERVER["SERVER_PROTOCOL"]) ? $_SERVER["SERVER_PROTOCOL"] : 'HTTP/1.0') . ' 401 Unauthorized'); ?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Authorization Required</title> </head><body> <h1>Authorization Required</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> <?php if (isset($_SERVER['SERVER_SIGNATURE'])) echo '<hr>', PHP_EOL, $_SERVER['SERVER_SIGNATURE'], PHP_EOL; ?> </body></html> <?php exit(); } if ((!isset($_SERVER["PHP_AUTH_USER"])) || !isset($_SERVER["PHP_AUTH_PW"])) { if (isset($_SERVER["REMOTE_USER"]) && ini_get("safe_mode")) { // web server did authentication, but safe_mode is hiding PHP_AUTH_PW $php_auth_user = preg_replace('/[^[:alnum:]\\xC0-\\xD6\\xD8-\\xF6\\xF8-\\xFF @.\'_-]+/', '', $_SERVER["REMOTE_USER"]); $_SERVER["PHP_AUTH_USER"] = $php_auth_user; $_SERVER["PHP_AUTH_PW"] = 'testing'; } else { // web server not restricting access, request browser authentication doauthreq(); } } else if (!isset($_SERVER["REMOTE_USER"])) { // web server not restricting access, browser has responded with authentication if (strcmp($_SERVER['PHP_AUTH_PW'], 'testing') != 0) doauthreq(); } ?> <html> <head> <title>Basic Authorization Test</title> </head> <body bgcolor="white"> <h1>Basic Authorization Test</h1> <p>Success!<br /> You have been authorized as user: <?php echo $_SERVER["PHP_AUTH_USER"]; ?></p> </body> </html> ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60056 -- Edit this bug report at https://bugs.php.net/bug.php?id=60056&edit=1
