php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50832 HTTP fopen wrapper does not support passwordless HTTP authentication
Submitted: 2010-01-25 10:15 UTC Modified: 2010-01-25 16:28 UTC
From: sebastian at sebsoft dot nl Assigned: jani
Status: Closed Package: HTTP related
PHP Version: 5.*, 6 OS: *
Private report: No CVE-ID:
 [2010-01-25 10:15 UTC] sebastian at sebsoft dot nl
Description:
------------
When using file_get_contents, the function only seems to include HTTP Authentication data when the password is set. When no password is set (e.g. http://username@myurl.com), no authentication data is sent. The result of this is, when calling another PHP script with file_get_contents and only supplying an HTTP username, $_SERVER['PHP_AUTH_USER'] is (unexpectedly) not set.

We are using Apache 2.2 in this setup (for server.php).
$_SERVER['PHP_AUTH_USER'] does seem to be set when calling the same URL using cURL or a browser.

Reproduce code:
---------------
client.php:
<?php
echo file_get_contents('http://testusername@hostname.tld/server.php');
?>

server.php:
<?php
if (isset($_SERVER['PHP_AUTH_USER']))
{
    echo $_SERVER['PHP_AUTH_USER'];
}
else
{
    echo "PHP AUTH USER not set";
}
?>


Expected result:
----------------
USER: testusername

Actual result:
--------------
PHP AUTH USER not set

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-25 16:28 UTC] svn@php.net
Automatic comment from SVN on behalf of jani
Revision: http://svn.php.net/viewvc/?view=revision&revision=293998
Log: - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication)
 [2010-01-25 16:28 UTC] jani@php.net
Fixed in SVN.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 13:02:15 2014 UTC