jani                                     Mon, 25 Jan 2010 16:28:13 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=293998

Log:
- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP 
authentication)

Bug: http://bugs.php.net/50832 (Assigned) HTTP fopen wrapper does not support 
passwordless HTTP authentication
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c
    U   php/php-src/trunk/ext/standard/http_fopen_wrapper.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2010-01-25 16:21:23 UTC (rev 293997)
+++ php/php-src/branches/PHP_5_2/NEWS   2010-01-25 16:28:13 UTC (rev 293998)
@@ -18,6 +18,8 @@
   gdImageFilledPolygon (libgd #100). (Takeshi Abe)
 - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)

+- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
+  authentication). (Jani)
 - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be 
called
   statically" error). (Jani, Felipe)
 - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie

Modified: php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c      
2010-01-25 16:21:23 UTC (rev 293997)
+++ php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c      
2010-01-25 16:28:13 UTC (rev 293998)
@@ -415,16 +415,20 @@
        }

        /* auth header if it was specified */
-       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && 
resource->pass)        {
+       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
                /* decode the strings first */
                php_url_decode(resource->user, strlen(resource->user));
-               php_url_decode(resource->pass, strlen(resource->pass));

                /* scratch is large enough, since it was made large enough for 
the whole URL */
                strcpy(scratch, resource->user);
                strcat(scratch, ":");
-               strcat(scratch, resource->pass);

+               /* Note: password is optional! */
+               if (resource->pass) {
+                       php_url_decode(resource->pass, strlen(resource->pass));
+                       strcat(scratch, resource->pass);
+               }
+
                tmp = (char*)php_base64_encode((unsigned char*)scratch, 
strlen(scratch), NULL);

                if (snprintf(scratch, scratch_len, "Authorization: Basic 
%s\r\n", tmp) > 0) {
@@ -719,7 +723,7 @@
                        s++;    \
                }       \
        }       \
-}      \
+}
                        /* check for control characters in login, password & 
path */
                        if (strncasecmp(new_path, "http://";, sizeof("http://";) 
- 1) || strncasecmp(new_path, "https://";, sizeof("https://";) - 1)) {
                                CHECK_FOR_CNTRL_CHARS(resource->user)

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-01-25 16:21:23 UTC (rev 293997)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-01-25 16:28:13 UTC (rev 293998)
@@ -18,6 +18,8 @@
 - Fixed possible crash when a error/warning is raised during php startup.
   (Pierre)

+- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP
+  authentication). (Jani)
 - Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams).
   (vnegrier at optilian dot com, Ilia)
 - Fixed bug #50761 (system.multiCall crashes in xmlrpc extension).

Modified: php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c      
2010-01-25 16:21:23 UTC (rev 293997)
+++ php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c      
2010-01-25 16:28:13 UTC (rev 293998)
@@ -416,16 +416,20 @@
        }

        /* auth header if it was specified */
-       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && 
resource->pass)        {
+       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
                /* decode the strings first */
                php_url_decode(resource->user, strlen(resource->user));
-               php_url_decode(resource->pass, strlen(resource->pass));

                /* scratch is large enough, since it was made large enough for 
the whole URL */
                strcpy(scratch, resource->user);
                strcat(scratch, ":");
-               strcat(scratch, resource->pass);

+               /* Note: password is optional! */
+               if (resource->pass) {
+                       php_url_decode(resource->pass, strlen(resource->pass));
+                       strcat(scratch, resource->pass);
+               }
+
                tmp = (char*)php_base64_encode((unsigned char*)scratch, 
strlen(scratch), NULL);

                if (snprintf(scratch, scratch_len, "Authorization: Basic 
%s\r\n", tmp) > 0) {
@@ -746,7 +750,7 @@
                        s++;    \
                }       \
        }       \
-}      \
+}
                        /* check for control characters in login, password & 
path */
                        if (strncasecmp(new_path, "http://";, sizeof("http://";) 
- 1) || strncasecmp(new_path, "https://";, sizeof("https://";) - 1)) {
                                CHECK_FOR_CNTRL_CHARS(resource->user)

Modified: php/php-src/trunk/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2010-01-25 16:21:23 UTC 
(rev 293997)
+++ php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2010-01-25 16:28:13 UTC 
(rev 293998)
@@ -459,16 +459,20 @@
        }

        /* auth header if it was specified */
-       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && 
resource->pass)        {
+       if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
                /* decode the strings first */
                php_url_decode(resource->user, strlen(resource->user));
-               php_url_decode(resource->pass, strlen(resource->pass));

                /* scratch is large enough, since it was made large enough for 
the whole URL */
                strcpy(scratch, resource->user);
                strcat(scratch, ":");
-               strcat(scratch, resource->pass);

+               /* Note: password is optional! */
+               if (resource->pass) {
+                       php_url_decode(resource->pass, strlen(resource->pass));
+                       strcat(scratch, resource->pass);
+               }
+
                tmp = (char*)php_base64_encode((unsigned char*)scratch, 
strlen(scratch), NULL);

                if (snprintf(scratch, scratch_len, "Authorization: Basic 
%s\r\n", tmp) > 0) {
@@ -798,7 +802,7 @@
                        s++;    \
                }       \
        }       \
-}      \
+}
                        /* check for control characters in login, password & 
path */
                        if (strncasecmp(new_path, "http://";, sizeof("http://";) 
- 1) || strncasecmp(new_path, "https://";, sizeof("https://";) - 1)) {
                                CHECK_FOR_CNTRL_CHARS(resource->user)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to