diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
87bb3661fc
symfony/tests/Symfony/Tests/Component
History
Fabien Potencier 87bb3661fc merged branch kepten/ticket_1813 (PR #3551) 
Commits
-------

a450d00 [HttpFoundation] HTTP Basic authentication is broken with PHP as cgi/fastCGI under Apache

Discussion
----------

[HttpFoundation] HTTP Basic authentication is broken with php-cgi under Apache

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #1813
Todo: -

In order to work, add this to the .htaccess:

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]

---------------------------------------------------------------------------

by stof at 2012-03-10T17:34:26Z

you should also add a unit test for this

---------------------------------------------------------------------------

by kepten at 2012-03-11T15:34:04Z

Thanks for the feedback, I committed the changes.

---------------------------------------------------------------------------

by stof at 2012-04-04T01:59:53Z

@fabpot could you review it ?

---------------------------------------------------------------------------

by fabpot at 2012-04-04T07:15:34Z

My comments:

 * `ServerBag` represents what we have in the `$_SERVER` global variables. As such, the code should be moved to the `getHeaders()` method instead like the other tweaks we do for the HTTP headers.

 * A comment must be added explaining why this is needed and the configuration the user must have to make it work (then remove the Github URLs).

 * The code should only be executed when `PHP_AUTH_USER` is not available (to not have any overhead when not needed).

---------------------------------------------------------------------------

by danielholmes at 2012-04-14T13:27:09Z

A quick note on that .htaccess/apache configuration required, if adding to the Symfony SE htaccess file, then it will need to look like this:

```
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ app.php [QSA,L]
</IfModule>
```

NOTE: No **,L** in the Authorization Rewrite as in the original example - it prevents the front controller rewrite from happening

---------------------------------------------------------------------------

by towards at 2012-04-20T16:12:49Z

@kepten you were faster than me applying @fabpot's comments :) nevertheless part of the bug hunt day I also modified the ServerBag class and tested them on a productive LAMP hosting server using Apache and FastCGI

---------------------------------------------------------------------------

by kepten at 2012-04-20T16:15:57Z

ok, so is my PR is useless or should I still fix problems?

---------------------------------------------------------------------------

by towards at 2012-04-20T16:20:26Z

your PR is fine for sure and I don't want to interfere, just wanted to mention that part of the bug hunt day of Symfony I had a go at this PR as an "exercise" but just saw later on that you already fixed the problem, so you can ignore my pushes

---------------------------------------------------------------------------

by vicb at 2012-04-20T16:20:36Z

I have been working with @towards: your PR is useful, please implement his comments and squash your PR.

---------------------------------------------------------------------------

by kepten at 2012-04-20T16:59:07Z

never squashed before, is it okay now? :)

---------------------------------------------------------------------------

by stof at 2012-04-20T17:21:07Z

it is

---------------------------------------------------------------------------

by vicb at 2012-05-20T19:57:51Z

@fabpot this should be ready to be merged
2012-05-21 11:09:36 +02:00
..
BrowserKit fixed CS 2012-03-11 17:59:42 +01:00
ClassLoader [ClassLoader] Fixed state when trait_exists doesn't exists 2011-09-25 19:25:50 +02:00
Config fixed CS 2012-05-20 18:15:10 +02:00
Console fixed CS 2012-05-20 18:15:10 +02:00
CssSelector [CssSelector] ignored an optional whitespace after a combinator 2012-05-13 09:14:40 +02:00
DependencyInjection fixed CS 2012-05-20 18:15:10 +02:00
DomCrawler fixed CS 2012-05-20 18:15:10 +02:00
EventDispatcher [EventDispatcher] Fixed E_NOTICES with multiple eventnames per subscriber with mixed priorities 2012-04-12 15:56:02 +05:45
Finder [Finder] added a convenience method Finder::create() 2011-06-14 14:18:24 +02:00
Form fixed CS 2012-05-20 18:15:10 +02:00
HttpFoundation merged branch kepten/ticket_1813 (PR #3551) 2012-05-21 11:09:36 +02:00
HttpKernel fixed CS 2012-05-20 18:15:10 +02:00
Locale merged branch stealth35/locale_intl_error_name (PR #3959) 2012-04-18 10:38:01 +02:00
Process fixed CS 2012-05-20 18:15:10 +02:00
Routing fixed CS 2012-05-20 18:15:10 +02:00
Security fixed CS 2012-05-20 18:15:10 +02:00
Serializer [Serializer] Fix XML decoding attack vector through external entities 2012-02-24 22:50:04 +01:00
Templating removed unused use statements 2011-10-29 11:56:30 +02:00
Translation Rename test file 2011-12-29 16:30:31 +01:00
Validator Revert "merged branch jakzal/2.0-StaticMethodLoaderFix (PR #3937)" 2012-04-18 11:42:27 +02:00
Yaml [Yaml] fixed a test when iconv is not installed 2012-04-20 12:33:18 +02:00