diff options
author | Andrei Zmievski <andrei@php.net> | 2002-12-21 20:09:09 +0000 |
---|---|---|
committer | Andrei Zmievski <andrei@php.net> | 2002-12-21 20:09:09 +0000 |
commit | 614614c89e9ec62c27fd5843cba0582dd71ff63b (patch) | |
tree | 4252ae2b162980bfecbebd8abf625c5c29bce34c | |
parent | 4de8da30d081f0703190a47a5af8a5a20b0d9078 (diff) | |
download | php-git-614614c89e9ec62c27fd5843cba0582dd71ff63b.tar.gz |
Make PHP_AUTH_* variables not available in safe mode under Apache. Patch by
Philip Olson.
-rw-r--r-- | sapi/apache/mod_php4.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sapi/apache/mod_php4.c b/sapi/apache/mod_php4.c index ce060e3c75..5168ddf0fe 100644 --- a/sapi/apache/mod_php4.c +++ b/sapi/apache/mod_php4.c @@ -415,7 +415,7 @@ static void init_request_info(TSRMLS_D) authorization = table_get(r->headers_in, "Authorization"); } if (authorization - && !auth_type(r) + && (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r))) && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) { tmp = uudecode(r->pool, authorization); SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':'); |