moriyoshi Sat Dec 21 16:52:41 2002 EDT
Modified files: (Branch: PHP_4_3)
/php4/sapi/apache2filter sapi_apache2.c
Log:
MFH: Made auth information inaccessible under safe mode
Index: php4/sapi/apache2filter/sapi_apache2.c
diff -u php4/sapi/apache2filter/sapi_apache2.c:1.91.2.1
php4/sapi/apache2filter/sapi_apache2.c:1.91.2.2
--- php4/sapi/apache2filter/sapi_apache2.c:1.91.2.1 Mon Dec 9 13:45:37 2002
+++ php4/sapi/apache2filter/sapi_apache2.c Sat Dec 21 16:52:41 2002
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sapi_apache2.c,v 1.91.2.1 2002/12/09 18:45:37 iliaa Exp $ */
+/* $Id: sapi_apache2.c,v 1.91.2.2 2002/12/21 21:52:41 moriyoshi Exp $ */
#include <fcntl.h>
@@ -369,8 +369,13 @@
apr_table_unset(f->r->headers_out, "Expires");
apr_table_unset(f->r->headers_out, "ETag");
apr_table_unset(f->r->headers_in, "Connection");
- auth = apr_table_get(f->r->headers_in, "Authorization");
- php_handle_auth_data(auth TSRMLS_CC);
+ if (!PG(safe_mode)) {
+ auth = apr_table_get(f->r->headers_in, "Authorization");
+ php_handle_auth_data(auth TSRMLS_CC);
+ } else {
+ SG(request_info).auth_user = NULL;
+ SG(request_info).auth_password = NULL;
+ }
php_request_startup(TSRMLS_C);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
