PHP :: Bug #28670 :: PCRE + Safemode + WWW-authenticate header error

Bug #28670

PCRE + Safemode + WWW-authenticate header error

Submitted:

2004-06-07 14:19 UTC

Modified:

2004-06-08 14:35 UTC

Votes:	6
Avg. Score:	3.3 ± 1.4
Reproduced:	3 of 5 (60.0%)
Same Version:	1 (33.3%)
Same OS:	3 (100.0%)

From:

jg at b-one dot net

Assigned:

Status:

Wont fix

Package:

Unknown/Other Function

PHP Version:

4CVS-2004-06-07 (stable)

OS:

Linux (Debian)

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jg at b-one dot net
New email:
PHP Version:		OS:

New Comment:

[2004-06-07 14:19 UTC] jg at b-one dot net

Description:
------------
pcre-regexp + safemode affects output of 

header("WWW-Authenticate: Basic realm=\"ABC\");

and causes internal server error with mod_fcgi.

The problem is in 4.3.7 and latest stable cvs 2004-06-07


In safemode without pcre-regexp php return 
WWW-Authenticate: Basic realm="1000"

With pcre-regexp php returns
WWW-Authenticate:  Basic realm="ABC-1000"

I suspect the extra space between key and value to cause mod_fcgi to "internal server error".


Reproduce code:
---------------
<? 

header("HTTP/1.1 401 Unauthorized");
header("WWW-Authenticate: Basic realm=\"ABC\"");

echo "I need your credentials";

?>



Expected result:
----------------
Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="ABC-1000"



Actual result:
--------------
without pcre-regexp:

Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="1000"



with pcre-regexp:

Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate:  Basic realm="ABC-1000"

(notice extra space)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-06-07 15:52 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2004-06-08 10:01 UTC] jg at b-one dot net

Only half of the bug report is fixed.

When php is build without pcre-regexp the realm is wrong.
Only uid is in realm, not realm name from header(...)
se "actual output".

Sorry for not beeing more specific about that.

[2004-06-08 14:35 UTC] iliaa@php.net

The instance where pcre is not available cannot be 
addressed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 10:01:28 2024 UTC