From: Jani Taskinen Date: Mon, 25 Jan 2010 16:28:13 +0000 (+0000) Subject: - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication) X-Git-Tag: php-5.2.13RC1~4 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d70e5544beec2965c533a66f25d269928a2f1f72;p=php - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication) --- diff --git a/NEWS b/NEWS index a4490f38d8..3526e77593 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,8 @@ PHP NEWS gdImageFilledPolygon (libgd #100). (Takeshi Abe) - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey) +- Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP + authentication). (Jani) - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe) - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index c51d1051f3..6ba48bef9d 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -415,15 +415,19 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, } /* auth header if it was specified */ - if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) { + if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) { /* decode the strings first */ php_url_decode(resource->user, strlen(resource->user)); - php_url_decode(resource->pass, strlen(resource->pass)); /* scratch is large enough, since it was made large enough for the whole URL */ strcpy(scratch, resource->user); strcat(scratch, ":"); - strcat(scratch, resource->pass); + + /* Note: password is optional! */ + if (resource->pass) { + php_url_decode(resource->pass, strlen(resource->pass)); + strcat(scratch, resource->pass); + } tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL); @@ -719,7 +723,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, s++; \ } \ } \ -} \ +} /* check for control characters in login, password & path */ if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) { CHECK_FOR_CNTRL_CHARS(resource->user)