php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #2727 Incorrect 401 Status Manipulation
Submitted: 1999-11-15 20:20 UTC Modified: 1999-11-16 00:35 UTC
From: mike at vservers Assigned:
Status: Closed Package: Other
PHP Version: 4.0 Beta 2 OS: BSDI 4.01
Private report: No CVE-ID: None
 [1999-11-15 20:20 UTC] mike at vservers
Using Apache 1.3.1 and PHP 4.0b2:

If there's an Apache directive for a custom 401 authorization required) error page, and that error page file is a PHP file type, the PHP handler parses through the file and then changes the request status from 401 to 200.  

The result of this is that if you have a PHP enhanced 401 error page, PHP prevents your browser from requesting a password because it changes the request status from a 401 to a 200. 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-11-16 00:35 UTC] sas at cvs dot php dot net
Add a 

header("HTTP/1.0 401 Unauthorized");

to your script and it should work.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 20:01:30 2024 UTC