Re: [PHP-DEV] RC4: ground rules

Fri, 20 Dec 2002 21:47:34 -0800 

Attatched is a patch that essentially goes back
to 4.2.3 behavior except the external auth will not
be available with PHP in safe mode.  REMOTE_USER
exists regardless.  

It seems some people also wanted an ini option, I don't 
know how to do that! :)

References for this patch:
 http://bugs.php.net/20441
 http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132&r2=1.133

On a related note, I'm curious why PHP_AUTH_TYPE does
not exist, only the variable AUTH_TYPE does (for me).  
PHP_AUTH_TYPE has been documented forever, not sure if
it used to exist but various parts of PHP4 source make
it seem like it should.

Regards,
Philip Olson

p.s. Thanks to Wez and Steph for teaching me not to fear 
the source.


On Fri, 20 Dec 2002, Andrei Zmievski wrote:

> Everyone,
> 
> I have just released 4.3.0RC4. Despite the quote in my signature, I am
> determined to keep this one the very last final RC of the interminable
> 4.3.0 development cycle. Towards that end, I will closely monitor the
> CVS commits and revert any that do not satisfactorily explain what
> critical or showstopper bug they are fixing. I am aware that
> PHP_AUTH_USER issue raises certain concerns, but no one apparently could
> make a patch. If, however, one appears very soon, I may consider it a
> special one and apply it for 4.3.0.
> 
> -Andrei                                       http://www.gravitonic.com/
> 
> "The time from now until the completion
>  of the project tends to become constant." -- Douglas Hartree
> 
> -- 
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php
> 



Index: mod_php4.c
===================================================================
RCS file: /repository/php4/sapi/apache/mod_php4.c,v
retrieving revision 1.148
diff -u -r1.148 mod_php4.c
--- mod_php4.c  1 Dec 2002 03:28:21 -0000       1.148
+++ mod_php4.c  21 Dec 2002 05:18:12 -0000
@@ -448,7 +448,7 @@
                authorization = table_get(r->headers_in, "Authorization");
        }
        if (authorization
-               && !auth_type(r)
+               && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))
                && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
                tmp = uudecode(r->pool, authorization);
                SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to