That's not true. At least the "From the beginning of time" part. This
used to be a restriction, then it was lost, now it is back. You can go
scour cvs for the exact versions affected.
I am personally not entirely happy about this change either. It is
definitely a security issue for shared server environments, and as such
perhaps the restriction should only be triggered when safe-mode is on.
-Rasmus
On Fri, 15 Nov 2002, Edin Kadribasic wrote:
> Well actually you could. From the beginning of time up to 4.3.0. I
> expect to see a lot of bug reports similar to this one.
>
> Edin
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, November 15, 2002 10:10 AM
> Subject: #20441 [Opn->Bgs]: PHP_AUTH_USER isn't set
>
>
> > ID: 20441
> > Updated by: [EMAIL PROTECTED]
> > Reported By: [EMAIL PROTECTED]
> > -Status: Open
> > +Status: Bogus
> > Bug Type: Apache related
> > Operating System: Redhat Linux 7.1 kernel 2.4.2-2
> > PHP Version: 4.3.0-pre2
> > New Comment:
> >
> > You need to decide if you are using an external auth mechanism or
> http
> > auth from php. You can't do both.
> >
> >
> > Previous Comments:
> > ------------------------------------------------------------------
> ------
> >
> > [2002-11-15 02:58:24] [EMAIL PROTECTED]
> >
> > I've upgraded PHP 4.2.3 to the beta 4.3.0-pre2 and I've set
> register
> > globals on in php.ini.
> >
> > My Apache version is 1.3.24.
> > PHP configure:
> > ./configure --with-apxs=/usr/local/apache/bin/apxs
> > --with-mysql=/usr/local/mysql --enable-ftp --with-openssl
> >
> > The script is using this .htaccess-file
> >
> > AuthType Basic
> > AuthName 'Urenregistratie'
> > AuthUserFile /htpasswd/urenreg
> > require valid-user
> >
> > I am sure that Apache is setting the PHP_AUTH_USER because the
> > following script gives the correct output:
> >
> > // begin dirty hack
> > $headers = apache_request_headers();
> > foreach ($headers as $header => $value) {
> > if ($header == "Authorization")
> > {
> > $value = str_replace(" ", "", $value);
> > $value = str_replace("Basic", "", $value);
> > $userArray = explode(":", base64_decode($value));
> > $PHP_AUTH_USER = $userArray[0];
> > }
> > }
> > echo $PHP_AUTH_USER;
> > // end dirty hack
> >
> > If I echo $PHP_AUTH_USER or $_SERVER["PHP_AUTH_USER"] above this
> script
> > I am getting a empty result.
> >
> > Note: the script was functioning 100% properly with php 4.2.3
> >
> >
> >
> >
> > ------------------------------------------------------------------
> ------
> >
> >
> > --
> > Edit this bug report at http://bugs.php.net/?id=20441&edit=1
> >
> >
> >
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
