bug #11092 [HttpFoundation] Fix basic authentication in url with PHP-FPM (Kdecherf)
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix basic authentication in url with PHP-FPM
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | dispute
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`getUser()` and `getPassword()` from `Request` are broken when using PHP-FPM because of the lack of `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`. This PR fixes the issue.
However, now an empty password will return an empty string (which is the expected behavior of `ServerBag`) instead of `NULL`. The test is updated accordingly, but should we consider this as a breakage?
This issue was spotted by using basic auth via the Illuminate component of Laravel and is present from v2.1.0 to master.
Commits
-------
7a75adf
[HttpFoundation] Basic auth in url is broken when using PHP CGI/FPM
This commit is contained in:
commit
cf28fd40b5
@ -949,7 +949,7 @@ class Request
|
|||||||
*/
|
*/
|
||||||
public function getUser()
|
public function getUser()
|
||||||
{
|
{
|
||||||
return $this->server->get('PHP_AUTH_USER');
|
return $this->headers->get('PHP_AUTH_USER');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -959,7 +959,7 @@ class Request
|
|||||||
*/
|
*/
|
||||||
public function getPassword()
|
public function getPassword()
|
||||||
{
|
{
|
||||||
return $this->server->get('PHP_AUTH_PW');
|
return $this->headers->get('PHP_AUTH_PW');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -209,7 +209,7 @@ class RequestTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertEquals(80, $request->getPort());
|
$this->assertEquals(80, $request->getPort());
|
||||||
$this->assertEquals('test.com', $request->getHttpHost());
|
$this->assertEquals('test.com', $request->getHttpHost());
|
||||||
$this->assertEquals('testnopass', $request->getUser());
|
$this->assertEquals('testnopass', $request->getUser());
|
||||||
$this->assertNull($request->getPassword());
|
$this->assertSame('',$request->getPassword());
|
||||||
$this->assertFalse($request->isSecure());
|
$this->assertFalse($request->isSecure());
|
||||||
|
|
||||||
$request = Request::create('http://test.com/?foo');
|
$request = Request::create('http://test.com/?foo');
|
||||||
|
Reference in New Issue
Block a user