PHP :: Bug #14964 :: safe mode & basic authentication

Bug #14964

safe mode & basic authentication

Submitted:

2002-01-10 08:24 UTC

Modified:

2002-01-17 14:01 UTC

Votes:	6
Avg. Score:	5.0 ± 0.0
Reproduced:	6 of 6 (100.0%)
Same Version:	5 (83.3%)
Same OS:	3 (50.0%)

From:

ceco at noxis dot net

Assigned:

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

4.1.1

OS:

linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	ceco at noxis dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-01-10 08:24 UTC] ceco at noxis dot net

the following problem, a script works flawlessly without safe mode, but when safe mode enabled, the row

header("WWW-Authenticate: Basic realm=\"anything\"");

causes very strange error: apache doesn't return anything (no headers, no content) - size 0 (i checked it even through telnet).

when i comment this line, just the HTML message for the incorrect user or password is displayed (which should be displayed when cancel is hit by the user)

the code below is

header("HTTP/1.0 401 Unauthorized");
echo 'incorrect user or password';
die();

I'm not 100% percent sure, but I think it is not error of configuring php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-01-10 12:54 UTC] benter at yippi-yeah dot com

Same error:

* SuSE 7.3, Apache/1.3.20 (Linux/SuSE), SuSE kernel 2.4.10-4GB

* installed php4.1.1 
./configure --with-apxs=/usr/sbin/apxs \
      --with-gd \
      --with-freetype-dir=/usr/include/freetype2 \
      --with-zlib \
      --disable-debug \
      --enable-safe-mode \
      --with-exec-dir \
      --enable-calendar \
      --enable-magic-quotes \
      --with-mysql=/usr \
      --enable-ftp \
      --enable-memory-limit \
      --enable-track-vars  \
      --with-pdflib  \
      --with-jpeg-dir=/usr/lib \
      --with-config-file-path=/usr/local/lib  \
      --with-png-dir=/usr/lib

* copied php.ini-recommended to /usr/local/lib/php.ini

* activated safe_mode in php.ini

* when using header("WWW-Authenticate: ... process dies

* error_log:  [notice] child pid 14153 exit signal Segmentation fault (11)

* with "safe_mode = off" getting user/pass dialog

* will post more info when needed

[2002-01-17 13:59 UTC] gabriel at modwest dot com

We're having exactly the same problem.  PHP 4.1.1, apache 1.3.22 on Linux (kernel 2.4.14)

I don't want to revert to 4.0.6, so I put a big #if 0 around the code in sapi_add_header_ex() in SAPI.c, in the "WWW-Authenticate" case, where it does special stuff if safe mode is on.  It's a band-aid, but it works (for now)

[2002-01-17 14:01 UTC] sesser@php.net

This bug was fixed a few days ago in CVS

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 08:00:02 2025 UTC