From: e-nagya at eol dot hu
Operating system: Debian Linux, Apache 1.3.31
PHP version: 4.3.6
PHP Bug Type: Apache related
Bug description: POST-ed data unavailable from a Keep-Alive request

Description:
------------
When used together with Basic Authentication, in some cases the POST-ed data is lost, so it's not available for the php script.

Reproduce code:
---------------
Situation when it occurs:
You have a directory structure like this:

/
+-.htaccess
|
+-source/
| `-- index.html
`-target/
  `-- target.php

In the root directory you place a .htaccess file with the basic authentication setup.
In the source directory you have a page (e.g. a .html file), with a form inside, which uses the post method to send the data to a php script in the target directory.
In the target directory you have a script which does nothing, just prints $_POST.

The user enters at source/index.html, enters the password for the basic authentication, fills in the form, posts it, and then the script at target dir shows that no post data arrived. It's important that the user doesn't visit the root directory before doing so.

Expected result:
----------------
You should get the data that you've posted.

Actual result:
--------------
What happens is the following:
1) browser requests the index.html, but the server answers 401 Authorization Required
2) browser requests the index.html, now with the authentication data also, which succeeds now.
3) after the user fills in the form, browser tries to send it
4) target/target.php is requested, but without any authentication information (since it's out of the scope where the authentication was made at step 2)
5) server answers 401, and keeps the connection open
6) browser this time tries to be smart, and sends the authentication data with the form data also. (In the same connection)
7) now the server accepts the request, and passes it to the php, but it doesn't recognize the posted data.

WORKAROUND: If you disable the Keep-Alive in the server or in the browser, it works fine.
This bug doesn't exist in lower php and apache versions, like Apache 1.3.29 + php 4.3.4

--
Edit bug report at http://bugs.php.net/?id=28635&edit=1
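
Steps 4-7 of the report, replayed on a single keep-alive connection as a regression check. This Python sketch is an added example, not part of the original report: the stand-in server (Python's http.server, not Apache/PHP), the credentials, the path and the form data are constructed, and the stand-in shows the expected result rather than reproducing the bug.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

AUTH = "Basic " + base64.b64encode(b"user:secret").decode()  # constructed credentials

class Target(BaseHTTPRequestHandler):
    """Stand-in for target/target.php behind Basic auth: echoes the POST body."""
    protocol_version = "HTTP/1.1"  # connections are persistent by default

    def do_POST(self):
        # This stand-in reads the request body before replying, also for a 401,
        # so the next request on the connection starts at a clean boundary.
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get("Authorization") == AUTH
        reply = body if ok else b""
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="test"')
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *args):
        pass  # keep the demo output quiet

def replay(host, port, path, form):
    """POST without credentials, then retry with them on the SAME connection."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    hdrs = {"Content-Type": "application/x-www-form-urlencoded"}
    conn.request("POST", path, body=form, headers=hdrs)        # step 4
    first = conn.getresponse()                                 # step 5: 401
    first.read()
    sock = conn.sock                                           # None if server closed
    conn.request("POST", path, body=form, headers={**hdrs, "Authorization": AUTH})  # step 6
    second = conn.getresponse()                                # step 7
    echoed = second.read()
    reused = sock is not None and conn.sock is sock
    conn.close()
    return first.status, second.status, echoed, reused

def run_demo():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Target)  # ephemeral local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return replay("127.0.0.1", srv.server_address[1], "/target/target.php", b"name=value")
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Pointing `replay` at a server under test, with a target script that echoes its POST data, gives a pass/fail check: the second response should carry the form data back while `reused` is true.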