HTTP fopen wrapper does not support passwordless HTTP authentication
| Bug #50832 | HTTP fopen wrapper does not support passwordless HTTP authentication | ||||
|---|---|---|---|---|---|
| Submitted: | 2010-01-25 10:15 UTC | Modified: | 2010-01-25 16:28 UTC | ||
| From: | sebastian at sebsoft dot nl | Assigned: | jani (profile) | ||
| Status: | Closed | Package: | HTTP related | ||
| PHP Version: | 5.*, 6 | OS: | * | ||
| Private report: | No | CVE-ID: | None | ||
[2010-01-25 10:15 UTC] sebastian at sebsoft dot nl
Description: ------------ When using file_get_contents, the function only seems to include HTTP Authentication data when the password is set. When no password is set (e.g. http://username@myurl.com), no authentication data is sent. The result of this is, when calling another PHP script with file_get_contents and only supplying an HTTP username, $_SERVER['PHP_AUTH_USER'] is (unexpectedly) not set. We are using Apache 2.2 in this setup (for server.php). $_SERVER['PHP_AUTH_USER'] does seem to be set when calling the same URL using cURL or a browser. Reproduce code: --------------- client.php: <?php echo file_get_contents('http://testusername@hostname.tld/server.php'); ?> server.php: <?php if (isset($_SERVER['PHP_AUTH_USER'])) { echo $_SERVER['PHP_AUTH_USER']; } else { echo "PHP AUTH USER not set"; } ?> Expected result: ---------------- USER: testusername Actual result: -------------- PHP AUTH USER not set
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits