From: Sascha Schumann <sas@php.net>
Date: Fri, 27 Oct 2000 10:26:57 +0000 (+0000)
Subject: The CGI RFC allows servers to pass Authorization data to the script,
X-Git-Tag: php-4.0.4RC3~503
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b725c6eef3b868eb8bbfe5b229314bb53144e475;p=php

The CGI RFC allows servers to pass Authorization data to the script,
if the server did not use the information contained therein.

See 6.1.5 and 11.2 of the proposed spec.
---

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 7038f2dead..fd96320ae4 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -276,6 +276,7 @@ static void php_cgi_usage(char *argv0)
 static void init_request_info(SLS_D)
 {
 	char *content_length = getenv("CONTENT_LENGTH");
+	const char *auth;
 
 #if 0
 /* SG(request_info).path_translated is always set to NULL at the end of this function
@@ -326,10 +327,14 @@ static void init_request_info(SLS_D)
 	SG(request_info).content_type = getenv("CONTENT_TYPE");
 	SG(request_info).content_length = (content_length?atoi(content_length):0);
 	SG(sapi_headers).http_response_code = 200;
-	/* CGI does not support HTTP authentication */
-	SG(request_info).auth_user = NULL;
-	SG(request_info).auth_password = NULL;
-
+	
+	/* The CGI RFC allows servers to pass on unvalidated Authorization data */
+	if ((auth = getenv("HTTP_AUTHORIZATION"))) {
+		php_handle_auth_data(auth SLS_CC);
+	} else {
+		SG(request_info).auth_user = NULL;
+		SG(request_info).auth_password = NULL;
+	}
 
 }