andrei Sat Dec 21 15:09:09 2002 EDT
Modified files: (Branch: PHP_4_3)
/php4/sapi/apache mod_php4.c
Log:
Make PHP_AUTH_* variables not available in safe mode under Apache. Patch by
Philip Olson.
Index: php4/sapi/apache/mod_php4.c
diff -u php4/sapi/apache/mod_php4.c:1.146 php4/sapi/apache/mod_php4.c:1.146.2.1
--- php4/sapi/apache/mod_php4.c:1.146 Sun Nov 10 14:34:09 2002
+++ php4/sapi/apache/mod_php4.c Sat Dec 21 15:09:09 2002
@@ -17,7 +17,7 @@
| PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mod_php4.c,v 1.146 2002/11/10 19:34:09 iliaa Exp $ */
+/* $Id: mod_php4.c,v 1.146.2.1 2002/12/21 20:09:09 andrei Exp $ */
#include "php_apache_http.h"
@@ -415,7 +415,7 @@
authorization = table_get(r->headers_in, "Authorization");
}
if (authorization
- && !auth_type(r)
+ && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))
&& !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
tmp = uudecode(r->pool, authorization);
SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
