This made no sense before. Hide Authorization in getallheaders() but

display it from phpinfo()?  Ouch!
@ Hide Authorization header from phpinfo() output in safe_mode (Rasmus)

diff --git a/sapi/apache/php_apache.c b/sapi/apache/php_apache.c
index 6c995aa171b34a51cf0ca4d57beca538e1bf8c9d..5a1b835459766590d23e28ccbd17275aa21ee36b 100644 (file)
--- a/sapi/apache/php_apache.c
+++ b/sapi/apache/php_apache.c
@@ -278,7 +278,7 @@ PHP_MINFO_FUNCTION(apache)
                env_arr = table_elts(r->headers_in);
                env = (table_entry *)env_arr->elts;
                for (i = 0; i < env_arr->nelts; ++i) {
-                       if (env[i].key) {
+                       if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) {
                                php_info_print_table_row(2, env[i].key, env[i].val);
                        }
                }