PCRE + Safemode + WWW-authenticate header error
| Bug #28670 | PCRE + Safemode + WWW-authenticate header error | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Submitted: | 2004-06-07 14:19 UTC | Modified: | 2004-06-08 14:35 UTC |
|
||||||||||
| From: | jg at b-one dot net | Assigned: | ||||||||||||
| Status: | Wont fix | Package: | Unknown/Other Function | |||||||||||
| PHP Version: | 4CVS-2004-06-07 (stable) | OS: | Linux (Debian) | |||||||||||
| Private report: | No | CVE-ID: | None | |||||||||||
[2004-06-07 14:19 UTC] jg at b-one dot net
Description:
------------
pcre-regexp + safemode affects output of
header("WWW-Authenticate: Basic realm=\"ABC\");
and causes internal server error with mod_fcgi.
The problem is in 4.3.7 and latest stable cvs 2004-06-07
In safemode without pcre-regexp php return
WWW-Authenticate: Basic realm="1000"
With pcre-regexp php returns
WWW-Authenticate: Basic realm="ABC-1000"
I suspect the extra space between key and value to cause mod_fcgi to "internal server error".
Reproduce code:
---------------
<?
header("HTTP/1.1 401 Unauthorized");
header("WWW-Authenticate: Basic realm=\"ABC\"");
echo "I need your credentials";
?>
Expected result:
----------------
Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="ABC-1000"
Actual result:
--------------
without pcre-regexp:
Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="1000"
with pcre-regexp:
Status: 401
Content-type: text/html
X-Powered-By: PHP/4.3.7
WWW-Authenticate: Basic realm="ABC-1000"
(notice extra space)
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2004-06-07 15:52 UTC] iliaa@php.net
[2004-06-08 10:01 UTC] jg at b-one dot net
[2004-06-08 14:35 UTC] iliaa@php.net