MFH:- Fixed bug #45568 (ISAPI does not property clear auth_digest in header).

2 files changed, 4 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index a9643eebcf..8a863160af 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@ PHP                                                                        NEWS
 - Fixed a regression when using strip_tags() and < is within an attribute.
   (Scott)
 
+- Fixed bug #45568 (ISAPI doesn't property clear auth_digest in header).
+  (Patch by: navara at emclient dot com)
 - Fixed bug #45556 (Return value from callback isn't freed). (Felipe)
 - Fixed bug #45555 (Segfault with invalid non-string as 
   register_introspection_callback). (Christian Seiler)
diff --git a/sapi/isapi/php5isapi.c b/sapi/isapi/php5isapi.c
index e5f536deaa..1f5325f7e9 100644
--- a/sapi/isapi/php5isapi.c
+++ b/sapi/isapi/php5isapi.c
@@ -711,6 +711,7 @@ DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificationType, LP
 		case SF_NOTIFY_PREPROC_HEADERS:
 			SG(request_info).auth_user = NULL;
 			SG(request_info).auth_password = NULL;
+			SG(request_info).auth_digest = NULL;
 			break;
 		case SF_NOTIFY_AUTHENTICATION: {
 				char *auth_user = ((HTTP_FILTER_AUTHENT *) pvNotification)->pszUser;
@@ -745,7 +746,7 @@ static void init_request_info(LPEXTENSION_CONTROL_BLOCK lpECB TSRMLS_DC)
 	SG(request_info).content_length = lpECB->cbTotalBytes;
 	SG(sapi_headers).http_response_code = 200;  /* I think dwHttpStatusCode is invalid at this stage -RL */
 	if (!bFilterLoaded) { /* we don't have valid ISAPI Filter information */
-		SG(request_info).auth_user = SG(request_info).auth_password = NULL;
+		SG(request_info).auth_user = SG(request_info).auth_password = SG(request_info).auth_digest = NULL;
 	}
 
 #ifdef WITH_ZEUS