php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39324 url wrappers
Submitted: 2006-10-31 17:06 UTC Modified: 2006-11-16 01:00 UTC
From: omikorn at yahoo dot com Assigned:
Status: No Feedback Package: HTTP related
PHP Version: 4.4.4 OS: all
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: omikorn at yahoo dot com
New email:
PHP Version: OS:

 

 [2006-10-31 17:06 UTC] omikorn at yahoo dot com
Description:
------------
Ok there is a problem with URL wrappers when the remote server requires authentification.

Reproduce code:
---------------
Take file_get_contents for example:

//example code
$user="user";
$pass="somepassword";
$url = "www.whatever.com/members/messages.xml"
$content = file_get_contents("http://$user:$pass@$url");
$echo "Your new message is\n";

On the packet capture the things show like this:

T 65.111.170.157:33470 -> 196.34.149.111:80 [AP]
  GET /members/messages.xml HTTP/1.0\r\n
HTTP/1.0\r\n
##
T 65.111.170.157:33470 -> 196.34.149.111:80 [AP]
  Authorization: Basic bWI1MTptYXJpbHluMw==\r\nHost: www.property24online.co.za\r\n\r\n

Of course this failes. Wouldn't it be correct to pass the auth credentials _before_ the HTTP method is specified and more assign a temporary cookie?
e.g:

GET /members/messages.xml HTTP/1.0\r\n
Authorization: Basic bWI1MTptYXJpbHluMw==\r\nHost: www.property24online.co.za\r\n
HTTP/1.0\r\n\r\n


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-31 17:16 UTC] omikorn at yahoo dot com
URGENT,

Please make this private or edit post and obfuscate the encoded credentials in my capture.
 [2006-11-08 14:23 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-11-16 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 01:01:30 2024 UTC