PHP Documentation - #39154 [NEW]: HTTP digest auth example: incorrect regexp

For Programmers: Free Programming Magazines

Home > Archive > PHP Documentation > October 2006 > #39154 [NEW]: HTTP digest auth example: incorrect regexp

You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author

#39154 [NEW]: HTTP digest auth example: incorrect regexp

thetrivialstuff at hotmail dot com

2006-10-13, 6:57 pm

From: thetrivialstuff at hotmail dot com
Operating system: Irrelevant
PHP version: Irrelevant
PHP Bug Type: Documentation problem
Bug description: HTTP digest auth example: incorrect regexp

Description:
------------
In the Digest Authentication example on this page:

<http://ca3.php.net/manual/en/features.http-auth.php>

The regular expression used for splitting the auth header is missing at
least one character. The script will fail if a url contains a question
mark '?'. A fix is to change the preg_match_all line to be:

preg_match_all('@(\w+)=(['"]?)([a-zA-Z0-9?=./\_-]+)\2@', $txt, $matches,
PREG_SET_ORDER);

Reproduce code:
---------------
see <http://ca3.php.net/manual/en/features.http-auth.php>, digest auth
example. copy & paste that code into a new file, then try to reach it with
something like (example URL):

http://<your web server>/<file>.php?some=parameter

Expected result:
----------------
I expect the example URL above to authenticate as usual.

Actual result:
--------------
It will never authenticate, because the http_digest_parse() function
returns false after failing to catch the "uri" parameter from the browser
response.

--
Edit bug report at http://bugs.php.net/?id=39154&edit=1
--
Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=39154&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=39154&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=39154&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=39154&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=39154&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=39154&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=39154&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=39154&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=39154&r=support
Expected behavior: http://bugs.php.net/fix.php?id=39154&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=39154&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=39154&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=39154&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=39154&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=39154&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=39154&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=39154&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=39154&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=39154&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=39154&r=mysqlcfg

Sponsored Links

Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com