Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
drupal_http_request parses the incoming url and properly determines the username/path but then fails to actually support it.
Attached patch fixes this issue.
Steps to repeat:
Use drupal_http_request on a URL that requires authentication
use http://user:pass@example.com/end/point.php as the $url in your drupal_http_request
Expected results:
Works
Actual results:
Fails with various confusing error messages
Comment | File | Size | Author |
---|---|---|---|
#6 | http_request_basic_auth-182410-6.patch | 845 bytes | greggles |
#4 | http_request_basic_auth-182410-4.patch | 820 bytes | chx |
#3 | http_request_basic_auth_1.patch | 819 bytes | greggles |
#1 | http_request_basic_auth_0.patch | 806 bytes | greggles |
http_request_basic_auth.patch | 726 bytes | greggles | |
Comments
Comment #1
gregglesSlightly better version. Adds a comment to explain what this is and also supports the fact that authentication can work with just http://user@example.com/
Thanks to chx.
Comment #2
chx CreditAttribution: chx commentedNo. This is a header and must go to the headers, I told you on IRC to use += so if someone specified an Auth header then that's honored.
Comment #3
gregglesRight - that makes sense to me (now) ;)
So, I did a double take while coding this and chx in reviewing it (again) that when setting the $defaults the header prefix is both the key and the beginning of the value. Look at all the other $defaults to see that this is the case.
Comment #4
chx CreditAttribution: chx commentedSome background: greggles was using an xmlrpc endpoint which has basic auth. I told him to patch this function instead of _xmlrpc. So, after suggesting the patch in the first place and pushing it through the rounds, I actually made a change -- added a space where it was missing :)
Comment #5
Gábor HojtsyLook right, thanks, committed.
Comment #6
gregglesThanks, chx and Gábor.
Rerolled against 5.
Comment #7
chx CreditAttribution: chx commentedYou already proted it, so...
Comment #12
drummLooks like a feature to me.
Comment #13
fgmActually, it looks like a bug to me. Let me detail this stance:
So, all in all, I feel I have to conclude it is indeed a bug, which can be fixed in either of two ways: by documenting the fact that no Auth is supported and rejecting the related parameters when present or by accepting them and processing them as they should be. Either is correct, and the latter is vastly more useful.
It so happens that chx' fix implements the latter nicely : the same code is already present in D6, and the fix doesn't impact any code relying on the current behaviour of dhr, so there is no backwards compatibility issue.
For all these reasons, I'm reopening the issue for consideration towards inclusion the next D5.x minor release.
Comment #14
drummCommitted to 5.x.
Comment #15
(not verified) CreditAttribution: commentedAutomatically closed -- issue fixed for two weeks with no activity.