That's not true.  At least the "From the beginning of time" part.  This
used to be a restriction, then it was lost, now it is back.  You can go
scour cvs for the exact versions affected.

I am personally not entirely happy about this change either.  It is
definitely a security issue for shared server environments, and as such
perhaps the restriction should only be triggered when safe-mode is on.

-Rasmus

On Fri, 15 Nov 2002, Edin Kadribasic wrote:

> Well actually you could. From the beginning of time up to 4.3.0. I
> expect to see a lot of bug reports similar to this one.
>
> Edin
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, November 15, 2002 10:10 AM
> Subject: #20441 [Opn->Bgs]: PHP_AUTH_USER isn't set
>
>
> > ID:               20441
> >  Updated by:       [EMAIL PROTECTED]
> >  Reported By:      [EMAIL PROTECTED]
> > -Status:           Open
> > +Status:           Bogus
> >  Bug Type:         Apache related
> >  Operating System: Redhat Linux 7.1 kernel 2.4.2-2
> >  PHP Version:      4.3.0-pre2
> >  New Comment:
> >
> > You need to decide if you are using an external auth mechanism or
> http
> > auth from php.  You can't do both.
> >
> >
> > Previous Comments:
> > ------------------------------------------------------------------
> ------
> >
> > [2002-11-15 02:58:24] [EMAIL PROTECTED]
> >
> > I've upgraded PHP 4.2.3 to the beta 4.3.0-pre2 and I've set
> register
> > globals on in php.ini.
> >
> > My Apache version is 1.3.24.
> > PHP configure:
> > ./configure --with-apxs=/usr/local/apache/bin/apxs
> > --with-mysql=/usr/local/mysql --enable-ftp --with-openssl
> >
> > The script is using this .htaccess-file
> >
> > AuthType Basic
> > AuthName 'Urenregistratie'
> > AuthUserFile /htpasswd/urenreg
> > require valid-user
> >
> > I am sure that Apache is setting the PHP_AUTH_USER because the
> > following script gives the correct output:
> >
> > // begin dirty hack
> > $headers = apache_request_headers();
> > foreach ($headers as $header => $value) {
> >     if ($header == "Authorization")
> >     {
> >    $value = str_replace(" ", "", $value);
> >    $value = str_replace("Basic", "", $value);
> >    $userArray = explode(":", base64_decode($value));
> >     $PHP_AUTH_USER = $userArray[0];
> >     }
> > }
> > echo $PHP_AUTH_USER;
> > // end dirty hack
> >
> > If I echo $PHP_AUTH_USER or $_SERVER["PHP_AUTH_USER"] above this
> script
> > I am getting a empty result.
> >
> > Note: the script was functioning 100% properly with php 4.2.3
> >
> >
> >
> >
> > ------------------------------------------------------------------
> ------
> >
> >
> > --
> > Edit this bug report at http://bugs.php.net/?id=20441&edit=1
> >
> >
> >
>


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to