moriyoshi               Sat Dec 21 16:50:29 2002 EDT

  Modified files:              
    /php4/sapi/apache2filter    sapi_apache2.c 
  Log:
  Made auth information inaccessible under safe mode as discussed on the list
  
  
Index: php4/sapi/apache2filter/sapi_apache2.c
diff -u php4/sapi/apache2filter/sapi_apache2.c:1.96 
php4/sapi/apache2filter/sapi_apache2.c:1.97
--- php4/sapi/apache2filter/sapi_apache2.c:1.96 Sat Dec 21 01:34:31 2002
+++ php4/sapi/apache2filter/sapi_apache2.c      Sat Dec 21 16:50:28 2002
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: sapi_apache2.c,v 1.96 2002/12/21 06:34:31 moriyoshi Exp $ */
+/* $Id: sapi_apache2.c,v 1.97 2002/12/21 21:50:28 moriyoshi Exp $ */
 
 #include <fcntl.h>
 
@@ -340,7 +340,7 @@
                 * An intuitive brigade bug detection
                 * (http://bugs.php.net/18648)  
                 *
-                * This has something to do with the issue mentioned in this thread
+                * This has something to do with the issue mentioned in the thread
                 * on [EMAIL PROTECTED]:
                 *
                 * http://marc.theaimsgroup.com/?l=apr-dev&m=104039770818472&w=2
@@ -373,7 +373,7 @@
 {
        char *content_type;
        const char *auth;
-       
+
        PG(during_request_startup) = 0;
        SG(sapi_headers).http_response_code = 200;
        SG(request_info).content_type = apr_table_get(f->r->headers_in, 
"Content-Type");
@@ -387,15 +387,20 @@
        f->r->content_type = apr_pstrdup(f->r->pool, content_type);
        SG(request_info).post_data = ctx->post_data;
        SG(request_info).post_data_length = ctx->post_len;
+
        efree(content_type);
        apr_table_unset(f->r->headers_out, "Content-Length");
        apr_table_unset(f->r->headers_out, "Last-Modified");
        apr_table_unset(f->r->headers_out, "Expires");
        apr_table_unset(f->r->headers_out, "ETag");
        apr_table_unset(f->r->headers_in, "Connection");
-       auth = apr_table_get(f->r->headers_in, "Authorization");
-       php_handle_auth_data(auth TSRMLS_CC);
-
+       if (!PG(safe_mode)) {
+               auth = apr_table_get(f->r->headers_in, "Authorization");
+               php_handle_auth_data(auth TSRMLS_CC);
+       } else {
+               SG(request_info).auth_user = NULL;
+               SG(request_info).auth_password = NULL;
+       }
        php_request_startup(TSRMLS_C);
 }
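Review bot: The safe-mode branch at `if (!PG(safe_mode))` only stops `php_handle_auth_data()` from filling `SG(request_info)`; the raw `Authorization` header stays in `f->r->headers_in`, so the credentials are withheld only if no other code path hands that table to scripts. Whether such a path exists is not visible in this hunk, so it is worth confirming that any header-enumeration function in this SAPI applies the same `PG(safe_mode)` test. A short comment above the branch would record the intent, e.g. `/* safe mode: do not expose HTTP auth credentials to scripts */`. The enclosing function starts above the hunk.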
 


