From b725c6eef3b868eb8bbfe5b229314bb53144e475 Mon Sep 17 00:00:00 2001
From: Sascha Schumann
Date: Fri, 27 Oct 2000 10:26:57 +0000
Subject: [PATCH] The CGI RFC allows servers to pass Authorization data to the script, if the server did not use the information contained therein. See 6.1.5 and 11.2 of the proposed spec.
---
 sapi/cgi/cgi_main.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 7038f2dead..fd96320ae4 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -276,6 +276,7 @@ static void php_cgi_usage(char *argv0)
 static void init_request_info(SLS_D)
 {
 char *content_length = getenv("CONTENT_LENGTH");
+ const char *auth;
 #if 0
 /* SG(request_info).path_translated is always set to NULL at the end of this function
@@ -326,10 +327,14 @@ static void init_request_info(SLS_D)
 SG(request_info).content_type = getenv("CONTENT_TYPE");
 SG(request_info).content_length = (content_length?atoi(content_length):0);
 SG(sapi_headers).http_response_code = 200;
- /* CGI does not support HTTP authentication */
- SG(request_info).auth_user = NULL;
- SG(request_info).auth_password = NULL;
-
+
+ /* The CGI RFC allows servers to pass on unvalidated Authorization data */
+ if ((auth = getenv("HTTP_AUTHORIZATION"))) {
+ php_handle_auth_data(auth SLS_CC);
+ } else {
+ SG(request_info).auth_user = NULL;
+ SG(request_info).auth_password = NULL;
+ }
 }
-- 
2.50.1
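Review bot: In the second hunk the `if` branch of init_request_info() no longer guarantees that `SG(request_info).auth_user` and `SG(request_info).auth_password` are set. The result of `php_handle_auth_data(auth SLS_CC)` is discarded, and the hunk does not show whether that helper clears both fields when the header is malformed or uses a scheme it does not parse. Assigning `SG(request_info).auth_user = NULL;` and `SG(request_info).auth_password = NULL;` unconditionally before the `if`, and dropping the `else`, would keep the old guarantee on every path. HTTP_AUTHORIZATION is supplied by the client and, per the commit message, was not used by the server, so the comment could state that these values are credentials the client claimed rather than an authenticated identity. The body of init_request_info() begins outside this hunk.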