From 614614c89e9ec62c27fd5843cba0582dd71ff63b Mon Sep 17 00:00:00 2001
From: Andrei Zmievski <andrei@php.net>
Date: Sat, 21 Dec 2002 20:09:09 +0000
Subject: Make PHP_AUTH_* variables not available in safe mode under Apache.
 Patch by Philip Olson.

---
 sapi/apache/mod_php4.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sapi/apache/mod_php4.c b/sapi/apache/mod_php4.c
index ce060e3c75..5168ddf0fe 100644
--- a/sapi/apache/mod_php4.c
+++ b/sapi/apache/mod_php4.c
@@ -415,7 +415,7 @@ static void init_request_info(TSRMLS_D)
 		authorization = table_get(r->headers_in, "Authorization");
 	}
 	if (authorization
-		&& !auth_type(r)
+		&& (!PG(safe_mode) || (PG(safe_mode) && !auth_type(r)))
 		&& !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) {
 		tmp = uudecode(r->pool, authorization);
 		SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':');
-- 
cgit v1.2.1