MFH: Fixed bug #28670 (WWW-Authentication header mangling with PCRE in

author Ilia Alshanetsky <iliaa@php.net>

Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)
diff --git a/NEWS b/NEWS

index 2dd68cc95db2143ea1de5baab3a74aba8ab7475f..5a8ca87f397617faba01b6dff252e69a4492efca 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
  PHP 4                                                                      NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  ?? ??? 2004, Version 4.3.8
+- Fixed bug #28670 (WWW-Authentication header mangling with PCRE in safe_mode
+  adds extra spaces). (Ilia)
  - Fixed bug #28649 (Proper glob() return value on Linux when there are no
    matches). (Ilia)
  - Fixed bug #28632 (Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL).
diff --git a/main/SAPI.c b/main/SAPI.c

index feec2c325bc55ee7945b919c1d5beebd6c3edb37..fae7f1f65d5bf2d2b88d22d7f0ae5fc13282d695 100644 (file)
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -596,6 +596,11 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
                                         char *ptr = colon_offset+1;
                                         int ptr_len=0, result_len = 0;
  
+                                       /* skip white space */
+                                       while (isspace(*ptr)) {
+                                               ptr++;
+                                       }
+
                                         myuid = php_getuid();
  
                                         ptr_len = strlen(ptr);
author	Ilia Alshanetsky <iliaa@php.net>
	Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Mon, 7 Jun 2004 13:51:59 +0000 (13:51 +0000)