Andrei Zmievski 24 years ago
parent
commit
2feb1cf6d7
  1. 2
      NEWS
  2. 2
      sapi/apache/mod_php4.c

2
NEWS

@ -19,6 +19,8 @@ PHP 4 NEWS
? ? ??? 2002, Version 4.3.0
- Make PHP_AUTH_* variables not available in safe mode under Apache when an
external basic auth mechanism is used. (Philip)
- Aliased dba_popen() to dba_open() until 4.3.1 when persistent STDIO streams
are introduced. (Andrei)
- Fixed a security bug in the bundled MySQL library. (Georg, Stefan)

2
sapi/apache/mod_php4.c

@ -448,7 +448,7 @@ static void init_request_info(TSRMLS_D)
authorization = table_get(r->headers_in, "Authorization");
}
if (authorization
&& !auth_type(r)
&& (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))
&& !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
tmp = uudecode(r->pool, authorization);
SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');

Loading…
Cancel
Save