jani Mon, 25 Jan 2010 16:28:13 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=293998
Log: - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication) Bug: http://bugs.php.net/50832 (Assigned) HTTP fopen wrapper does not support passwordless HTTP authentication Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c U php/php-src/trunk/ext/standard/http_fopen_wrapper.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2010-01-25 16:21:23 UTC (rev 293997) +++ php/php-src/branches/PHP_5_2/NEWS 2010-01-25 16:28:13 UTC (rev 293998) @@ -18,6 +18,8 @@ gdImageFilledPolygon (libgd #100). (Takeshi Abe) - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey) +- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP + authentication). (Jani) - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe) - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie Modified: php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c 2010-01-25 16:21:23 UTC (rev 293997) +++ php/php-src/branches/PHP_5_2/ext/standard/http_fopen_wrapper.c 2010-01-25 16:28:13 UTC (rev 293998) @@ -415,16 +415,20 @@ } /* auth header if it was specified */ - if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) { + if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) { /* decode the strings first */ php_url_decode(resource->user, strlen(resource->user)); - php_url_decode(resource->pass, strlen(resource->pass)); /* scratch is large enough, since it was made large enough for the whole URL */ strcpy(scratch, resource->user); strcat(scratch, ":"); - strcat(scratch, resource->pass); + /* Note: password is optional! */ + if (resource->pass) { + php_url_decode(resource->pass, strlen(resource->pass)); + strcat(scratch, resource->pass); + } + tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL); if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) { @@ -719,7 +723,7 @@ s++; \ } \ } \ -} \ +} /* check for control characters in login, password & path */ if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) { CHECK_FOR_CNTRL_CHARS(resource->user) Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-01-25 16:21:23 UTC (rev 293997) +++ php/php-src/branches/PHP_5_3/NEWS 2010-01-25 16:28:13 UTC (rev 293998) @@ -18,6 +18,8 @@ - Fixed possible crash when a error/warning is raised during php startup. (Pierre) +- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP + authentication). (Jani) - Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia) - Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). Modified: php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2010-01-25 16:21:23 UTC (rev 293997) +++ php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2010-01-25 16:28:13 UTC (rev 293998) @@ -416,16 +416,20 @@ } /* auth header if it was specified */ - if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) { + if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) { /* decode the strings first */ php_url_decode(resource->user, strlen(resource->user)); - php_url_decode(resource->pass, strlen(resource->pass)); /* scratch is large enough, since it was made large enough for the whole URL */ strcpy(scratch, resource->user); strcat(scratch, ":"); - strcat(scratch, resource->pass); + /* Note: password is optional! */ + if (resource->pass) { + php_url_decode(resource->pass, strlen(resource->pass)); + strcat(scratch, resource->pass); + } + tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL); if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) { @@ -746,7 +750,7 @@ s++; \ } \ } \ -} \ +} /* check for control characters in login, password & path */ if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) { CHECK_FOR_CNTRL_CHARS(resource->user) Modified: php/php-src/trunk/ext/standard/http_fopen_wrapper.c =================================================================== --- php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2010-01-25 16:21:23 UTC (rev 293997) +++ php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2010-01-25 16:28:13 UTC (rev 293998) @@ -459,16 +459,20 @@ } /* auth header if it was specified */ - if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) { + if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) { /* decode the strings first */ php_url_decode(resource->user, strlen(resource->user)); - php_url_decode(resource->pass, strlen(resource->pass)); /* scratch is large enough, since it was made large enough for the whole URL */ strcpy(scratch, resource->user); strcat(scratch, ":"); - strcat(scratch, resource->pass); + /* Note: password is optional! */ + if (resource->pass) { + php_url_decode(resource->pass, strlen(resource->pass)); + strcat(scratch, resource->pass); + } + tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL); if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) { @@ -798,7 +802,7 @@ s++; \ } \ } \ -} \ +} /* check for control characters in login, password & path */ if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) { CHECK_FOR_CNTRL_CHARS(resource->user)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php