From: lacak at users dot sourceforge dot net Operating system: Win PHP version: 4.3.10 PHP Bug Type: Feature/Change Request Bug description: apache_request_headers() does not rturn Authorization header
Description: ------------ Help PHP Developers, please, please if PHP is running as Apache module in safe_mode=on in result of function apache_request_headers() is not included Authorization header. When I use "HTTP Digest Authorization" in my PHP script I cannot validate clients response, because I can not obtain supplied Authorization header. Please change behavior of apache_request_headers(), so it hides Authorization header only if : (safe_mode=on) && (AuthType is set to [Basic|Digest] in httpd.conf or .htaccess) so only if Apache performs authentication Please rply ... Thank you Reproduce code: --------------- Sample code : <?php $headers=apache_request_headers(); if (isset($headers["Authorization"]) { print_r($headers); phpinfo(); exit; } if (isset($_SERVER["PHP_AUTH_USER"])) { echo $_SERVER["PHP_AUTH_USER"].":".$_SERVER["PHP_AUTH_PW"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["REMOTE_IDENT"])) { echo $_SERVER["REMOTE_IDENT"]; print_r(apache_request_headers()); phpinfo(); exit; } if (!empty($_SERVER["Authorization"])) { echo $_SERVER["Authorization"]; print_r(apache_request_headers()); phpinfo(); exit; } Header( "HTTP/1.0 401 Unauthorized"); Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\", opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\""); print_r(getallheaders()); exit; ?> -- Edit bug report at http://bugs.php.net/?id=32392&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=32392&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=32392&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=32392&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=32392&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=32392&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=32392&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=32392&r=needscript Try newer version: http://bugs.php.net/fix.php?id=32392&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=32392&r=support Expected behavior: http://bugs.php.net/fix.php?id=32392&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=32392&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=32392&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=32392&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=32392&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=32392&r=dst IIS Stability: http://bugs.php.net/fix.php?id=32392&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=32392&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=32392&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=32392&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=32392&r=mysqlcfg