[php-maint] Bug#717267: Same problem in Ubuntu 13.10 with curl 7.32.0

Michael Kliewe info at phpgangsta.de
Tue Feb 18 16:41:39 UTC 2014


I have the same problem in current stable Ubuntu 13.10: PHP  5.5.3-1ubuntu2.1 with curl 7.32.0.

I did some tests with different PHP- and curl-versions:

not affected: 5.4.14           (curl 7.19.7)
affected:     5.5.3-1ubuntu2.1 (curl 7.32.0)
not affected: 5.5.3            (curl 7.22.0)
affected:     5.5.9            (curl 7.32.0)
not affected: 5.5.9            (curl 7.22.0)
not affected: 5.6-alpha2       (curl 7.22.0)

The problem seems to be curl 7.32.0. You can also reproduce it with curl command line:

curl --basic --user "1testuser:pass;word" http://www.phpgangsta.de/download/curl_auth_test.php

Here a PHP code snippet:

$curlSettings[CURLOPT_USERPWD] = '1testuser' . ':' . 'pass;word';

$curl = curl_init('http://www.phpgangsta.de/download/curl_auth_test.php');
               // content:   echo 'Password: '.$_SERVER['PHP_AUTH_PW'];
curl_setopt_array($curl, $curlSettings);

// should output:   Password: pass;word
// wrong output:    Password: pass

Current workaround for PHP >= 5.5.0: use CURLOPT_USERNAME and CURLOPT_PASSWORD instead of CURLOPT_USERPWD. The password is not truncated then.

Would be nice to get this fixed in Ubuntu, maybe by updating to newest curl version 7.35.0? I don't know if it has been fixed there, I cannot find anything regarding password truncation in Changelog.


More information about the pkg-php-maint mailing list