Edit report at http://bugs.php.net/bug.php?id=23902&edit=1
 ID:               23902
 Comment by:       dim_logaras at windowslive dot com
 Reported by:      noxter at web dot de
 Summary:          header("HTTP/1.0 401 Authorization Required"); failed
 Status:           Closed
 Type:             Bug
 Package:          CGI related
 Operating System: Windows 2000
 PHP Version:      4.3.2
 Assigned To:      edink
 New Comment:

I forgot my username for IP address


Previous Comments:
------------------------------------------------------------------------

[2003-06-05 04:05:14] jan at kneschke dot de

Doesn't IIS parse CGI headers?

If it does: CGI-scripts are not allowed to send HTTP-response headers at all. If a CGI script wants to pass a status-code to the Server by setting the Status-header.

http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
Section 7.2

Removing the HTTP-response header is a good thing for Parser-Header environments.

------------------------------------------------------------------------

[2003-06-04 18:17:10] ptchristendom at yahoo dot com

On Windows 2003, PHP 4.3.2, any Location header at all causes this. You can also verify it from the command line:

script.php contains this line only:

<? header('Location: http://localhost.com/page.html'); ?>

Output:

d:\php-4.3.2\php script.php
(null)
Content-type: text/html; charset=iso-8859-1
X-Powered-By: PHP/4.3.2
Location: http://localhost.com/page.html

Setting cgi.rfc2616_headers = 0 is a workaround for this, at least until the bug is fixed.

------------------------------------------------------------------------

[2003-06-03 05:15:38] ed...@php.net

I have applied Shane's patch which solves the problem with (Null) in the header output.

cgi.rfc2616_headers should be left to 0 if basic authentication is used under IIS and PHP cgi as Shane noted.

In order to make it work you would need to edit in your IIS configuration 'Directory Security'. Click on 'Edit' and check only 'Anonymous access'. All other fields should be left empty.

http://snaps.php.net/win32/php4-win32-STABLE-latest.zip will contain the fix in some 3 hours or so.

------------------------------------------------------------------------

[2003-06-03 03:11:18] ed...@php.net

cgi.rfc2616_headers directive was added in response to bug #19207. Later changes to SAPI.c made it malfunction.

------------------------------------------------------------------------

[2003-06-03 01:56:09] sh...@php.net

Since my testing appears to show that rfc2616_headers *DOES NOT* work with IIS/5.0, I'm reassigning this to the author of that code. However, the patch below 'fixes' the (null) problem, and properly allows full status lines to be used with the authenticate header. This bug is related to bug 19207.

With rfc2616_headers=1 on IIS/5.0, the following occurs (IIS/5.0 likes rfc2616_headers=0, opposite of comments in php.ini):

C:\usr\src\php43>wget -S http://localhost/auth.php43d
--23:54:42-- http://localhost/auth.php43d
 => `auth.php43d.4'
Resolving localhost... done.
Connecting to localhost[127.0.0.1]:80... connected.
HTTP request sent, awaiting response...
 1 HTTP/1.1 200 OK
 2 Server: Microsoft-IIS/5.0
 3 Date: Tue, 03 Jun 2003 06:54:42 GMT
 4 HTTP/1.0 401 Authorization Required
 5 Content-type: text/html
 6 X-Powered-By: PHP/4.3.3-dev
 7 WWW-Authenticate: Basic realm="example"

 [ <=> ] 4 3.91K/s

Index: main/SAPI.c =================================================================== RCS file: /repository/php4/main/SAPI.c,v retrieving revision 1.155.2.9 diff -u -d -u -r1.155.2.9 SAPI.c --- main/SAPI.c 11 Feb 2003 23:30:13 -0000 1.155.2.9 +++ main/SAPI.c 3 Jun 2003 06:48:47 -0000 
@@ -456,6 +456,12 @@ static void sapi_update_response_code(int ncode TSRMLS_DC) { + /* if the status code did not change, we do not want + to change the status line, and no need to change the code */ + if (SG(sapi_headers).http_response_code == ncode) { + return; + } + if (SG(sapi_headers).http_status_line) { efree(SG(sapi_headers).http_status_line); SG(sapi_headers).http_status_line = NULL; Index: sapi/cgi/cgi_main.c =================================================================== RCS file: /repository/php4/sapi/cgi/cgi_main.c,v retrieving revision 1.190.2.37 diff -u -d -u -r1.190.2.37 cgi_main.c --- sapi/cgi/cgi_main.c 31 May 2003 17:02:01 -0000 1.190.2.37 +++ sapi/cgi/cgi_main.c 3 Jun 2003 06:48:47 -0000 @@ -303,7 +303,7 @@ if (SG(sapi_headers).http_response_code != 200) { int len; - if (rfc2616_headers) { + if (rfc2616_headers && SG(sapi_headers).http_status_line) { len = snprintf(buf, SAPI_CGI_MAX_HEADER_LENGTH, "%s\r\n", SG(sapi_headers).http_status_line); ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=23902 -- Edit this bug report at http://bugs.php.net/bug.php?id=23902&edit=1
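
Review bot: In the main/SAPI.c hunk, the early return in sapi_update_response_code() keys only on http_response_code == ncode, so an http_status_line set earlier now survives every later call that passes the same code. The comment should say that preserving a script-supplied status line is the intent, and it is worth checking that no caller depends on this function to clear http_status_line when the code is unchanged.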
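
Review bot: In the sapi/cgi/cgi_main.c hunk, the added http_status_line test carries no comment explaining why it is needed, and with rfc2616_headers enabled and a NULL status line a non-200 response now falls through to whatever follows this if, which the hunk does not show. Please add a one-line comment that a NULL http_status_line must not reach the "%s" in the snprintf call (the (null) seen in the report), and confirm the fall-through path emits a valid status for that case.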