PHP :: Bug #63126 :: DISABLE_AUTHENTICATOR ignores array
| Bug #63126 | DISABLE_AUTHENTICATOR ignores array | ||||
|---|---|---|---|---|---|
| Submitted: | 2012-09-21 06:33 UTC | Modified: | 2012-11-24 16:22 UTC | ||
| From: | remi@php.net | Assigned: | remi (profile) | ||
| Status: | Closed | Package: | IMAP related | ||
| PHP Version: | 5.4.7 | OS: | GNU/Linux (Fedora 18) | ||
| Private report: | No | CVE-ID: | None | ||
[2012-09-21 06:33 UTC] remi@php.net
Description:
------------
According to source code, DISABLE_AUTHENTICATOR could be a string or an array.
Works as expected:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
array('DISABLE_AUTHENTICATOR'=>'GSSAPI');
Doesn't works:
imap_open($srv,$user,$pass,OP_HALF_OPEN,1,
array('DISABLE_AUTHENTICATOR'=>array('GSSAPI','NTLM'));
The trivial attached patch should fix this (but cannot test it)
Patches
imap.patch (last revision 2012-09-21 06:33 UTC by remi)Pull Requests
History
AllCommentsChangesGit/SVN commits
[2012-09-21 06:42 UTC] remi@php.net
[2012-09-21 07:38 UTC] remi@php.net
I can find a exchange server an test the fix. Test script: $inbox = imap_open($server,$userlogin,$password,OP_HALFOPEN,1,array('DISABLE_AUTHENTICATOR' => array('GSSAPI','NTLM'))); var_dump(imap_errors()); Without the patch: array(2) { [0]=> string(148) "Kerberos error: Credentials cache file '/run/user/1000/krb5cc_ea1f24ead9d3199b715d4d57505d4335/t (try running kinit) for exchange2007.xxxx" [1]=> string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN" } With the patch: array(1) { [0]=> string(55) "SECURITY PROBLEM: insecure server advertised AUTH=PLAIN" }[2012-11-24 13:39 UTC] remi@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: remi
[2012-11-24 13:59 UTC] remi@php.net
-Status: Assigned +Status: Closed
[2012-11-24 16:22 UTC] laruence@php.net