diff options
author | Moriyoshi Koizumi <moriyoshi@php.net> | 2002-12-21 21:52:41 +0000 |
---|---|---|
committer | Moriyoshi Koizumi <moriyoshi@php.net> | 2002-12-21 21:52:41 +0000 |
commit | 6e2cd3fcfe5bc7ca93d88fcda681af16590b9602 (patch) | |
tree | c2ee0a7cbc58b34b103e85f49fc66b6219a89d54 | |
parent | b686c05f3b0b48967990a9dada79c200191578e2 (diff) | |
download | php-git-6e2cd3fcfe5bc7ca93d88fcda681af16590b9602.tar.gz |
MFH: Made auth information inaccessible under safe mode
-rw-r--r-- | sapi/apache2filter/sapi_apache2.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c index 052863d345..09b5ce7b22 100644 --- a/sapi/apache2filter/sapi_apache2.c +++ b/sapi/apache2filter/sapi_apache2.c @@ -369,8 +369,13 @@ static void php_apache_request_ctor(ap_filter_t *f, php_struct *ctx TSRMLS_DC) apr_table_unset(f->r->headers_out, "Expires"); apr_table_unset(f->r->headers_out, "ETag"); apr_table_unset(f->r->headers_in, "Connection"); - auth = apr_table_get(f->r->headers_in, "Authorization"); - php_handle_auth_data(auth TSRMLS_CC); + if (!PG(safe_mode)) { + auth = apr_table_get(f->r->headers_in, "Authorization"); + php_handle_auth_data(auth TSRMLS_CC); + } else { + SG(request_info).auth_user = NULL; + SG(request_info).auth_password = NULL; + } php_request_startup(TSRMLS_C); } |