php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28635 POST-ed data unavailable from a Keep-Alive request
Submitted: 2004-06-05 01:30 UTC Modified: 2004-06-29 11:34 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: e-nagya at eol dot hu Assigned:
Status: Not a bug Package: Apache related
PHP Version: 4.3.6 OS: Debian Linux, Apache 1.3.31
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2004-06-05 01:30 UTC] e-nagya at eol dot hu 
Description:
------------
When used together with Basic Authentication, in some cases the POST-ed data is lost, so it's not available for the php script.


Reproduce code:
---------------
Situation when it occurs:
You have a directory structure like this:
/
+-.htaccess
|
+-source/
|     `-- index.html
`-target/
      `-- target.php

In the root directory you place a .htaccess file with the basic authentication setup. In the source directory you have page (eg a .html file), with a form inside, wich uses the post method to send the data to a php script in the target directory. In the target directory you have a script wich does nothing just prints $_POST.
The user enters at source/index.html, enters the password for the basic authentication, fills in the form, posts it, and then the script at target dir shows that no post data arrived. It's important, that the user doesn't visit the root directory before doing so.

Expected result:
----------------
You should get the data what you've posted.

Actual result:
--------------
What happens is the following:
1) browser requests the index.html, but the server answares 401 Authorization Required
2) browser requests the index.html, now with the authentication data also, wich succeeds now.
3) after the user fills in the form, browser tries to send it
4) target/target.php is requested, but without any authentication information (since it's out of the scope, where the authentication was made at step 2)
5) server answares 401, and keeps the connection open
6) browser this time tries to be smart, and sends the authentication data with the form data also. (In the same connection)
7) now the server accepts the request, and passes it to the php, but it doesn't recognize the posted data.

WORKAROUND:
If you disable the Keep-Alive in the server or in the browser, it works fine.

This bug doesn't exist in lower php and apache versions, like Apache 1.3.29 + php 4.3.4

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-28 13:57 UTC] jorton at redhat dot com 
This is an Apache 1.3 bug not a PHP bug:

http://issues.apache.org/bugzilla/show_bug.cgi?id=29257
 [2004-06-29 11:34 UTC] rasmus@php.net 
While I was actually responsible for screwing this up in Apache-1.3.31, it isn't related to PHP.
 [2022-02-20 02:16 UTC] cosiced628 at shackvine dot com 
I can confirm this happens with Apache for me as well on https://chatterbate.org. I doesn't seem to be a PHP issue at all.
 [2022-09-28 04:09 UTC] ministerhawk at gmail dot com 
Very good Post, my problem is really resolved. 

(https://sites.google.com/view/hpprintersoffline)github.com
(https://sites.google.com/view/how-factory-reset-hp-printers)github.com
 [2023-04-12 23:09 UTC] wed4fg_ffg1 at gmail dot com 
Nice solution , Thanks (https://vintagewatches.pk)github.com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 10:01:31 2024 UTC