Andrei Zmievski <[EMAIL PROTECTED]> wrote:
> Moriyoshi,
> 
> I appreciate your effort here, but it seems that while this approach is
> more flexible, it is also bound to be more complicated. I have decided
> to apply Philip's patch for 4.3.0.

I think my patch is too complicated to be included in the 4.3.0 release too,
and there is still room for discussion about whether to prepare a special
ini entry like "php_auth_exposure" for those variables.

Moriyoshi

> On Sat, 21 Dec 2002, Moriyoshi Koizumi wrote:
> > Ohh, it seems we have been working on the same patch simultaneously :)
> > 
> > Attached is my version of a fix for bug #20441, which adopts a new ini entry 
> > "php_auth_exposure" so that administrators can selectively expose auth 
> > information to the clients regardless of safe_mode settings.
> > 
> > Possible values are:
> > 
> > - php_auth_exposure=user
> >   Only PHP_AUTH_USER is exposed.
> > 
> > - php_auth_exposure=pw
> >   Only PHP_AUTH_PW is exposed.
> > 
> > - php_auth_exposure=user,pw
> >   Both PHP_AUTH_USER and PHP_AUTH_PW are exposed.
> > 
> > Hope this helps.
> > 
> > Moriyoshi
> > 
> > Philip Olson <[EMAIL PROTECTED]> wrote:
> > 
> > > 
> > > Attached is a patch that essentially goes back
> > > to 4.2.3 behavior except the external auth will not
> > > be available with PHP in safe mode.  REMOTE_USER
> > > exists regardless.  
> > > 
> > > It seems some people also wanted an ini option, I don't 
> > > know how to do that! :)
> > > 
> > > References for this patch:
> > >  http://bugs.php.net/20441
> > >  http://cvs.php.net/diff.php/php4/sapi/apache/mod_php4.c?r1=1.132&r2=1.133
> > > 
> > > On a related note, I'm curious why PHP_AUTH_TYPE does
> > > not exist, only the variable AUTH_TYPE does (for me).  
> > > PHP_AUTH_TYPE has been documented forever, not sure if
> > > it used to exist but various parts of PHP4 source make
> > > it seem like it should.
> > > 
> > > Regards,
> > > Philip Olson
> > > 
> > > p.s. Thanks to Wez and Steph for teaching me not to fear 
> > > the source.
> > > 
> > > 
> > > On Fri, 20 Dec 2002, Andrei Zmievski wrote:
> > > 
> > > > Everyone,
> > > > 
> > > > I have just released 4.3.0RC4. Despite the quote in my signature, I am
> > > > determined to keep this one the very last final RC of the interminable
> > > > 4.3.0 development cycle. Towards that end, I will closely monitor the
> > > > CVS commits and revert any that do not satisfactorily explain what
> > > > critical or showstopper bug they are fixing. I am aware that
> > > > PHP_AUTH_USER issue raises certain concerns, but no one apparently could
> > > > make a patch. If, however, one appears very soon, I may consider it a
> > > > special one and apply it for 4.3.0.
> > > > 
> > > > -Andrei                                       http://www.gravitonic.com/
> > > > 
> > > > "The time from now until the completion
> > > >  of the project tends to become constant." -- Douglas Hartree
> > > > 
> > > > -- 
> > > > PHP Development Mailing List <http://www.php.net/>
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > > 
> > > 
> > > 
> 
> > Index: main/main.c
> > ===================================================================
> > RCS file: /repository/php4/main/main.c,v
> > retrieving revision 1.520
> > diff -u -r1.520 main.c
> > --- main/main.c     16 Dec 2002 15:43:52 -0000      1.520
> > +++ main/main.c     21 Dec 2002 06:17:30 -0000
> > @@ -112,6 +112,9 @@
> >  
> >  static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC);
> >  
> > +static PHP_INI_MH(OnUpdate_php_auth_exposure);
> > +#define PHP_EXPOSE_AUTH_USER 0x0001
> > +#define PHP_EXPOSE_AUTH_PW   0x0002 
> >  
> >  static char *short_track_vars_names[] = {
> >     "_POST",
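
Review bot: The PHP_EXPOSE_AUTH_USER and PHP_EXPOSE_AUTH_PW masks are defined here in main.c, while the field they describe, `long php_auth_exposure`, is added to main/php_globals.h, so any other file that reads PG(php_auth_exposure) has no names for its bits. I would move both #define lines next to the field in php_globals.h and add a one-line comment saying the field is a bitmask of them. The `0x0002 ` line also carries trailing whitespace.
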
> > @@ -275,6 +278,7 @@
> >     STD_PHP_INI_ENTRY("output_handler",                     NULL,           
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateString, output_handler,         
>php_core_globals,       core_globals)
> >     STD_PHP_INI_BOOLEAN("register_argc_argv",       "1",            
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateBool,   register_argc_argv,             
>php_core_globals,       core_globals)
> >     STD_PHP_INI_BOOLEAN("register_globals",         "0",            
>PHP_INI_PERDIR|PHP_INI_SYSTEM,  OnUpdateBool,   register_globals,               
>php_core_globals,       core_globals)
> > +   STD_PHP_INI_ENTRY("php_auth_exposure",          "none",         
>PHP_INI_SYSTEM, OnUpdate_php_auth_exposure,     php_auth_exposure,              
>php_core_globals,       core_globals)
> >  #if PHP_SAFE_MODE
> >     STD_PHP_INI_BOOLEAN("safe_mode",                        "1",            
>PHP_INI_SYSTEM,         OnUpdateBool,                   safe_mode,                    
>          php_core_globals,       core_globals)
> >  #else
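
Review bot: The default of "none" on the new php_auth_exposure entry is a behaviour change that the patch does not document. Together with the gating added in the "PHP Authentication support" block, an installation that never sets the directive stops getting PHP_AUTH_USER and PHP_AUTH_PW, where the old code registered them whenever the SAPI supplied them. Failing closed is the right default for a credential-exposure switch, but the accepted values and the new default need to be written down where administrators will see them. Note also that "none" is not a keyword the handler recognises; it produces 0 only because unmatched components are ignored, so either handle it explicitly or use an empty default.
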
> > @@ -1191,6 +1195,7 @@
> >     SG(request_info).argv=(char **)NULL;
> >     PG(connection_status) = PHP_CONNECTION_NORMAL;
> >     PG(during_request_startup) = 0;
> > +   PG(php_auth_exposure) = 0;
> >  
> >     CG(zend_lineno) = 0;
> >  
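
Review bot: The added `PG(php_auth_exposure) = 0;` duplicates what the ini handler already does for the default "none" (no component matches, so `val` stays 0), and the hunk does not show whether this assignment runs before or after the ini entries are registered. If it runs after, it overwrites the administrator's configured mask; if it runs before, it is redundant. Please confirm the ordering, or drop the line and rely on the handler.
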
> > @@ -1378,10 +1383,12 @@
> >     }
> >  
> >     /* PHP Authentication support */
> > -   if (SG(request_info).auth_user) {
> > +   if ((PG(php_auth_exposure) & PHP_EXPOSE_AUTH_USER) &&
> > +           SG(request_info).auth_user) {
> >             php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user, 
>array_ptr TSRMLS_CC);
> >     }
> > -   if (SG(request_info).auth_password) {
> > +   if ((PG(php_auth_exposure) & PHP_EXPOSE_AUTH_PW) &&
> > +           SG(request_info).auth_password) {
> >             php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password, 
>array_ptr TSRMLS_CC);
> >     }
> >  }
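
Review bot: Neither new condition consults safe_mode, so with php_auth_exposure=user,pw the Basic password is registered as PHP_AUTH_PW for safe_mode scripts as well. The cover note says this is intended ("regardless of safe_mode settings"), but it makes the directive the only control on password exposure, and the `/* PHP Authentication support */` comment should say so. If safe_mode installations are still meant to be protected from the password, the PHP_EXPOSE_AUTH_PW test needs an additional safe_mode check here.
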
> > @@ -1820,6 +1827,66 @@
> >  }
> >  /* }}} */
> >  #endif
> > +
> > +/* {{{ OnUpdate_php_auth_exposure */
> > +static PHP_INI_MH(OnUpdate_php_auth_exposure)
> > +{
> > +   char *comp, *p1;
> > +   int eos;
> > +   long val = 0;
> > +   int sp_cnt;
> > +
> > +   comp = NULL;
> > +
> > +   p1 = new_value;
> > +   eos = 0;
> > +
> > +   do {
> > +           if (*p1 == '\0') {
> > +                   eos = 1;
> > +           }
> > +
> > +           if (comp == NULL) {
> > +                   if (!eos && *p1 != ' ') {
> > +                           comp = p1;
> > +                           sp_cnt = 0;
> > +                   }
> > +           } else {
> > +                   if (!eos && *p1 == ' ') {
> > +                           ++sp_cnt;
> > +                   } else if (eos || *p1 == ',') {
> > +                           if (comp != NULL) {
> > +                                   int comp_len = (int)(p1 - comp) - sp_cnt;
> > +                                   if (comp_len == 4 && strncasecmp(comp, "user", 
>comp_len) == 0) {
> > +                                           val |= PHP_EXPOSE_AUTH_USER;
> > +                                   } else if (comp_len == 2 && strncasecmp(comp, 
>"pw", comp_len) == 0) {
> > +                                           val |= PHP_EXPOSE_AUTH_PW;
> > +                                   }
> > +                                   comp = NULL;
> > +                           }
> > +                   } else {
> > +                           sp_cnt = 0;
> > +                   }
> > +           }
> > +           p1++;
> > +   } while (!eos);
> > +
> > +   {
> > +           long *p;
> > +           char *base;
> > +#ifndef ZTS
> > +           base = (char *) mh_arg2;
> > +#else
> > +           base = (char *) ts_resource(*((int *) mh_arg2));
> > +#endif
> > +
> > +           p = (long *) (base+(size_t) mh_arg1);
> > +
> > +           *p = val;
> > +   }
> > +   return SUCCESS;
> > +}
> > +/* }}} */
> >  
> >  /*
> >   * Local variables:
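
Review bot: In the `comp == NULL` branch of OnUpdate_php_auth_exposure a ',' is accepted as the start of a component, because only ' ' and end of string are excluded. A value with an empty component, such as "user,,pw" or one with a leading comma, therefore makes the following token compare as ",pw" with comp_len 3, and its bit is silently dropped. Skipping ',' as well as ' ' when looking for the start of a component fixes that. Separately, unrecognised components (a typo such as "usr") are ignored and the handler still returns SUCCESS, so a misconfiguration gives no diagnostic; the result fails closed, which is good, but returning FAILURE or logging the unknown token would tell the administrator why the variables are missing. Minor: the inner `if (comp != NULL)` is always true inside the else branch, and `sp_cnt` is declared without an initialiser, which some compilers will flag even though it is assigned before every use.
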
> > Index: main/php_globals.h
> > ===================================================================
> > RCS file: /repository/php4/main/php_globals.h,v
> > retrieving revision 1.86
> > diff -u -r1.86 php_globals.h
> > --- main/php_globals.h      30 Nov 2002 18:36:17 -0000      1.86
> > +++ main/php_globals.h      21 Dec 2002 06:17:30 -0000
> > @@ -141,6 +141,8 @@
> >     zend_bool always_populate_raw_post_data;
> >     
> >     zend_bool report_zend_debug;
> > +
> > +   long php_auth_exposure; 
> >  };
> >  
> >  
> > Index: sapi/apache/mod_php4.c
> > ===================================================================
> > RCS file: /repository/php4/sapi/apache/mod_php4.c,v
> > retrieving revision 1.148
> > diff -u -r1.148 mod_php4.c
> > --- sapi/apache/mod_php4.c  1 Dec 2002 03:28:21 -0000       1.148
> > +++ sapi/apache/mod_php4.c  21 Dec 2002 06:17:30 -0000
> > @@ -448,7 +448,6 @@
> >             authorization = table_get(r->headers_in, "Authorization");
> >     }
> >     if (authorization
> > -           && !auth_type(r)
> >             && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
> >             tmp = uudecode(r->pool, authorization);
> >             SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');
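
Review bot: With `&& !auth_type(r)` removed, the Authorization header is decoded into SG(request_info).auth_user even on requests where auth_type(r) is set, which is the external-auth case this thread is about. After this change the only thing keeping those credentials from scripts is the php_auth_exposure mask tested in main.c, and that mask covers only the two php_register_variable() calls. Any other code that reads the SG(request_info) auth fields directly is not gated. Please add a comment here pointing at the directive and confirm there is no other reader, or apply the mask at this point so the fields are never populated when exposure is off.
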
> 
> 
> 
> 
> -Andrei                                       http://www.gravitonic.com/
> * My wishlist: http://www.amazon.com/exec/obidos/wishlist/2Q2DIPY7BZLSH/ *

