[php-maint] Bug#717267: Same problem in Ubuntu 13.10 with curl 7.32.0
Michael Kliewe
info at phpgangsta.de
Tue Feb 18 16:41:39 UTC 2014
Hi,
I have the same problem in current stable Ubuntu 13.10: PHP 5.5.3-1ubuntu2.1 with curl 7.32.0.
I did some tests with different PHP- and curl-versions:
not affected: 5.4.14 (curl 7.19.7)
affected: 5.5.3-1ubuntu2.1 (curl 7.32.0)
not affected: 5.5.3 (curl 7.22.0)
affected: 5.5.9 (curl 7.32.0)
not affected: 5.5.9 (curl 7.22.0)
not affected: 5.6-alpha2 (curl 7.22.0)
The problem seems to be curl 7.32.0. You can also reproduce it with curl command line:
curl --basic --user "1testuser:pass;word" http://www.phpgangsta.de/download/curl_auth_test.php
Here a PHP code snippet:
--------------
$curlSettings[CURLOPT_HTTPAUTH] = CURLAUTH_BASIC;
$curlSettings[CURLOPT_USERPWD] = '1testuser' . ':' . 'pass;word';
$curl = curl_init('http://www.phpgangsta.de/download/curl_auth_test.php');
// content: echo 'Password: '.$_SERVER['PHP_AUTH_PW'];
curl_setopt_array($curl, $curlSettings);
curl_exec($curl);
// should output: Password: pass;word
// wrong output: Password: pass
--------------
Current workaround for PHP >= 5.5.0: use CURLOPT_USERNAME and CURLOPT_PASSWORD instead of CURLOPT_USERPWD. The password is not truncated then.
Would be nice to get this fixed in Ubuntu, maybe by updating to newest curl version 7.35.0? I don't know if it has been fixed there, I cannot find anything regarding password truncation in Changelog.
Michael
More information about the pkg-php-maint
mailing list