php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #2727 Incorrect 401 Status Manipulation
Submitted: 1999-11-15 20:20 UTC Modified: 1999-11-16 00:35 UTC
From: mike at vservers Assigned:
Status: Closed Package: Other
PHP Version: 4.0 Beta 2 OS: BSDI 4.01
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mike at vservers
New email:
PHP Version: OS:

 

 [1999-11-15 20:20 UTC] mike at vservers
Using Apache 1.3.1 and PHP 4.0b2:

If there's an Apache directive for a custom 401 authorization required) error page, and that error page file is a PHP file type, the PHP handler parses through the file and then changes the request status from 401 to 200.  

The result of this is that if you have a PHP enhanced 401 error page, PHP prevents your browser from requesting a password because it changes the request status from a 401 to a 200. 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-11-16 00:35 UTC] sas at cvs dot php dot net
Add a 

header("HTTP/1.0 401 Unauthorized");

to your script and it should work.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 23:01:26 2024 UTC