php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28670 PCRE + Safemode + WWW-authenticate header error
Submitted: 2004-06-07 14:19 UTC Modified: 2004-06-08 14:35 UTC
Votes:6
Avg. Score:3.3 ± 1.4
Reproduced:3 of 5 (60.0%)
Same Version:1 (33.3%)
Same OS:3 (100.0%)
From: jg at b-one dot net Assigned:
Status: Wont fix Package: Unknown/Other Function
PHP Version: 4CVS-2004-06-07 (stable) OS: Linux (Debian)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jg at b-one dot net
New email:
PHP Version: OS:

 

 [2004-06-07 14:19 UTC] jg at b-one dot net
Description:
------------
pcre-regexp + safemode affects output of 

header("WWW-Authenticate: Basic realm=\"ABC\");

and causes internal server error with mod_fcgi.

The problem is in 4.3.7 and latest stable cvs 2004-06-07


In safemode without pcre-regexp php return 
WWW-Authenticate: Basic realm="1000"

With pcre-regexp php returns
WWW-Authenticate:  Basic realm="ABC-1000"

I suspect the extra space between key and value to cause mod_fcgi to "internal server error".


Reproduce code:
---------------
<? 

header("HTTP/1.1 401 Unauthorized");
header("WWW-Authenticate: Basic realm=\"ABC\"");

echo "I need your credentials";

?>



Expected result:
----------------
Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="ABC-1000"



Actual result:
--------------
without pcre-regexp:

Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="1000"



with pcre-regexp:

Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate:  Basic realm="ABC-1000"

(notice extra space)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-07 15:52 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2004-06-08 10:01 UTC] jg at b-one dot net
Only half of the bug report is fixed.

When php is build without pcre-regexp the realm is wrong.
Only uid is in realm, not realm name from header(...)
se "actual output".

Sorry for not beeing more specific about that.
 [2004-06-08 14:35 UTC] iliaa@php.net
The instance where pcre is not available cannot be 
addressed. 
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 14 08:01:27 2024 UTC