authorRasmus Lerdorf <rasmus@php.net>2001-10-21 00:20:44 +0000
committerRasmus Lerdorf <rasmus@php.net>2001-10-21 00:20:44 +0000
commit0a1c75a106524100c45c08dc4153e0cdeb2e833c (patch)
treebac6c9699465cc47a10365b0f37c97521aa58bfd
parentb9f4c048889bff7be7c183831665198a70b7bbb8 (diff)
downloadphp-git-0a1c75a106524100c45c08dc4153e0cdeb2e833c.tar.gz
MFH
-rw-r--r--main/SAPI.c57
-rw-r--r--sapi/apache/php_apache.c2
2 files changed, 58 insertions, 1 deletions
diff --git a/main/SAPI.c b/main/SAPI.c
index ac082fb6d3..fe1a77ac31 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -23,6 +23,9 @@
#include "php.h"
#include "SAPI.h"
+#include "ext/standard/php_string.h"
+#include "ext/standard/pageinfo.h"
+#include "ext/pcre/php_pcre.h"
#ifdef ZTS
#include "TSRM.h"
#endif
@@ -371,6 +374,8 @@ SAPI_API int sapi_add_header_ex(char *header_line, uint header_line_len, zend_bo
int retval, free_header = 0;
sapi_header_struct sapi_header;
char *colon_offset;
+ int result_len = 0;
+ long myuid = 0L;
if (SG(headers_sent) && !SG(request_info).no_headers) {
char *output_start_filename = php_get_output_start_filename(TSRMLS_C);
@@ -440,7 +445,59 @@ SAPI_API int sapi_add_header_ex(char *header_line, uint header_line_len, zend_bo
SG(sapi_headers).http_response_code = 302;
}
} else if (!STRCASECMP(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
+ zval *repl_temp;
+ char *result, *newheader, *ptr = colon_offset+1;
+ int newlen, ptr_len=0;
+
SG(sapi_headers).http_response_code = 401; /* authentication-required */
+ if(PG(safe_mode)) {
+ myuid = php_getuid();
+
+ ptr_len = strlen(ptr);
+ MAKE_STD_ZVAL(repl_temp);
+ Z_STRVAL_P(repl_temp) = emalloc(32);
+ Z_STRLEN_P(repl_temp) = sprintf(Z_STRVAL_P(repl_temp), "realm=\"\\1-%ld\"", myuid);
+ /* Modify quoted realm value */
+ result = php_pcre_replace("/realm=\"(.*?)\"/i", 16,
+ ptr, ptr_len,
+ repl_temp,
+ 0, &result_len, -1 TSRMLS_CC);
+ if(result_len==ptr_len) {
+ efree(result);
+ sprintf(Z_STRVAL_P(repl_temp), "realm=\\1-%ld\\2", myuid);
+ /* modify unquoted realm value */
+ result = php_pcre_replace("/realm=([^\\s]+)(.*)/i", 21,
+ ptr, ptr_len,
+ repl_temp,
+ 0, &result_len, -1 TSRMLS_CC);
+ if(result_len==ptr_len) {
+ char *lower_temp = estrdup(ptr);
+ char conv_temp[32];
+ int conv_len;
+
+ php_strtolower(lower_temp,strlen(lower_temp));
+ /* If there is no realm string at all, append one */
+ if(!strstr(lower_temp,"realm")) {
+ efree(result);
+ conv_len = sprintf(conv_temp," realm=\"%ld\"",myuid);
+ result = emalloc(ptr_len+conv_len+1);
+ memcpy(result, ptr, ptr_len);
+ memcpy(result+ptr_len, conv_temp, conv_len);
+ *(result+ptr_len+conv_len) = '\0';
+ }
+ efree(lower_temp);
+ }
+ }
+ newlen = sizeof("WWW-Authenticate: ") + result_len;
+ newheader = emalloc(newlen+1);
+ sprintf(newheader,"WWW-Authenticate: %s", result);
+ efree(header_line);
+ sapi_header.header = newheader;
+ sapi_header.header_len = newlen;
+ efree(result);
+ efree(Z_STRVAL_P(repl_temp));
+ efree(repl_temp);
+ }
}
*colon_offset = ':';
}
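Review bot: In the branch that appends a realm when none is present, `result` is rebuilt with `ptr_len+conv_len` bytes but `result_len` still holds `ptr_len`, so `newheader` is allocated too small and the following `sprintf(newheader, "WWW-Authenticate: %s", result)` writes past the end of the heap buffer. Setting `result_len = ptr_len + conv_len;` after the two `memcpy` calls would fix that. Sizing with `newlen = sizeof("WWW-Authenticate: ") - 1 + result_len;` would also keep `header_len` from counting the terminating NUL. Separately, `efree(header_line)` is followed by `*colon_offset = ':'` at the end of the hunk; `colon_offset` appears to point into `header_line` (it is assigned outside the hunk), so that store would touch freed memory and should happen before the free or be skipped on this path. The body of `sapi_add_header_ex` starts and ends outside this hunk.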
diff --git a/sapi/apache/php_apache.c b/sapi/apache/php_apache.c
index 053fc3ecd0..67482795fb 100644
--- a/sapi/apache/php_apache.c
+++ b/sapi/apache/php_apache.c
@@ -277,7 +277,7 @@ PHP_MINFO_FUNCTION(apache)
env_arr = table_elts(r->headers_in);
env = (table_entry *)env_arr->elts;
for (i = 0; i < env_arr->nelts; ++i) {
- if (env[i].key) {
+ if (env[i].key && (!PG(safe_mode) || (PG(safe_mode) && strncasecmp(env[i].key, "authorization", 13)))) {
php_info_print_table_row(2, env[i].key, env[i].val);
}
}
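Review bot: The new condition on the `if (env[i].key ...)` line repeats the safe-mode test: `!PG(safe_mode) || (PG(safe_mode) && X)` is equivalent to `!PG(safe_mode) || X`, so it can read `if (env[i].key && (!PG(safe_mode) || strncasecmp(env[i].key, "authorization", 13))) {`. A short comment such as `/* safe_mode: do not print the client's Authorization credentials in the info table */` would explain why the row is skipped. The comparison is a 13-character prefix match on that one name, so a `Proxy-Authorization` request header is still printed; whether that is intended is not clear from the hunk. The enclosing function starts and ends outside the hunk.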