ID: 28635 Comment by: jorton at redhat dot com Reported By: e-nagya at eol dot hu Status: Open Bug Type: Apache related Operating System: Debian Linux, Apache 1.3.31 PHP Version: 4.3.6 New Comment:
This is an Apache 1.3 bug not a PHP bug: http://issues.apache.org/bugzilla/show_bug.cgi?id=29257 Previous Comments: ------------------------------------------------------------------------ [2004-06-05 01:30:07] e-nagya at eol dot hu Description: ------------ When used together with Basic Authentication, in some cases the POST-ed data is lost, so it's not available for the php script. Reproduce code: --------------- Situation when it occurs: You have a directory structure like this: / +-.htaccess | +-source/ | `-- index.html `-target/ `-- target.php In the root directory you place a .htaccess file with the basic authentication setup. In the source directory you have page (eg a .html file), with a form inside, wich uses the post method to send the data to a php script in the target directory. In the target directory you have a script wich does nothing just prints $_POST. The user enters at source/index.html, enters the password for the basic authentication, fills in the form, posts it, and then the script at target dir shows that no post data arrived. It's important, that the user doesn't visit the root directory before doing so. Expected result: ---------------- You should get the data what you've posted. Actual result: -------------- What happens is the following: 1) browser requests the index.html, but the server answares 401 Authorization Required 2) browser requests the index.html, now with the authentication data also, wich succeeds now. 3) after the user fills in the form, browser tries to send it 4) target/target.php is requested, but without any authentication information (since it's out of the scope, where the authentication was made at step 2) 5) server answares 401, and keeps the connection open 6) browser this time tries to be smart, and sends the authentication data with the form data also. (In the same connection) 7) now the server accepts the request, and passes it to the php, but it doesn't recognize the posted data. WORKAROUND: If you disable the Keep-Alive in the server or in the browser, it works fine. This bug doesn't exist in lower php and apache versions, like Apache 1.3.29 + php 4.3.4 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=28635&edit=1
