Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:11223
Return-Path: <sesser@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 33680 invoked by uid 1010); 14 Jul 2004 09:57:44 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 33596 invoked from network); 14 Jul 2004 09:57:43 -0000
Received: from unknown (HELO e-matters.de) (217.69.76.213)
  by pb1.pair.com with SMTP; 14 Jul 2004 09:57:43 -0000
Received: (qmail 15711 invoked by uid 0); 14 Jul 2004 09:56:01 -0000
Received: from p508d64ec.dip.t-dialin.net (HELO ?192.168.1.77?) (80.141.100.236)
  by /var/run/qmail-smtp.pid with SMTP; 14 Jul 2004 09:56:01 -0000
Message-ID: <40F50395.1070904@php.net>
Date: Wed, 14 Jul 2004 11:57:41 +0200
User-Agent: Mozilla Thunderbird 0.7 (Windows/20040616)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  internals@lists.php.net
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: PHP5.0.0 - Basic Auth completely broken (Apache1)
From: sesser@php.net (Stefan Esser)

Hi,

unfourtunately the security patch for 5.0.0 was broken in one Apache1 
specific part. Basic auth does not detect that username+password was given.

PHP 4.3.x is not affected because that patch did not go into it (yet).

Stefan