PHP :: Bug #2727 :: Incorrect 401 Status Manipulation

Bug #2727	Incorrect 401 Status Manipulation
Submitted:	1999-11-15 20:20 UTC	Modified:	1999-11-16 00:35 UTC
From:	mike at vservers	Assigned:
Status:	Closed	Package:	Other
PHP Version:	4.0 Beta 2	OS:	BSDI 4.01
Private report:	No	CVE-ID:	None

View Developer Edit

[1999-11-15 20:20 UTC] mike at vservers

Using Apache 1.3.1 and PHP 4.0b2:

If there's an Apache directive for a custom 401 authorization required) error page, and that error page file is a PHP file type, the PHP handler parses through the file and then changes the request status from 401 to 200.  

The result of this is that if you have a PHP enhanced 401 error page, PHP prevents your browser from requesting a password because it changes the request status from a 401 to a 200.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-11-16 00:35 UTC] sas at cvs dot php dot net

Add a 

header("HTTP/1.0 401 Unauthorized");

to your script and it should work.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Nov 03 09:00:02 2025 UTC