php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #21326 Create a PHP_AUTH_* on/off directive
Submitted: 2003-01-01 22:34 UTC Modified: 2013-10-28 07:33 UTC
From: luci at conexim dot com dot au Assigned: krakjoe (profile)
Status: Closed Package: *General Issues
PHP Version: 4.3.0 OS: RHL7.3
Private report: No CVE-ID: None
View Developer Edit
 [2003-01-01 22:34 UTC] luci at conexim dot com dot au 
Quoting 4.3.0 changelog:
> Make PHP_AUTH_* variables not available in safe mode under Apache when an external basic auth mechanism is used. (Philip)

You cannot just change this behaviour. I don't think anyone asked for this either. While the reasoning for this change seems to be that you can't mix 2 authentication modes, you may still wish to authenticate using basic external auth, and then get the AUTH_USER name passed to PHP for further processing/dynamic content generation.

Please restore old behaviour.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-01 23:40 UTC] philip@php.net 
This was discussed quite a bit and that change was decided upon.  In the future there may be a directive to turn this on or off despite safe_mode.  So, I'm marking this as a feature request for that and changing the title to reflect it.

And for the record, the docs had forever noted that mixing the two should never work despite the safe_mode setting.

Regardless, you can always use REMOTE_USER to get the username so it sounds like that's what you want to do.  It is available regardless of safe_mode setting.
 [2013-10-28 07:33 UTC] krakjoe@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: krakjoe
 [2013-10-28 07:33 UTC] krakjoe@php.net 
Auth vars are not longer dependent on safe_mode, they are registered if present, no special action is taken for Apache.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Oct 17 15:01:28 2024 UTC