Yet another example of empty("0") returning TRUE and causing issues.

<?php
 
// If the server URL has a user then attempt to use basic authentication.
 
if (isset($uri['user'])) {
   
$options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));
  }
?>

$uri['pass'] comes from parsing the URL, so something like this will demonstrate the issue:

<?php
drupal_http_request
('http://bob:0@localhost');
?>
Files: 
CommentFileSizeAuthor
#2 empty-password-http-request-1282986-2.patch691 bytesvalthebald
PASSED: [[SimpleTest]]: [MySQL] 32,981 pass(es).
[ View ]

Comments

Issue tags:+Novice

Code should probably check for array_key_exists()

StatusFileSize
new691 bytes
PASSED: [[SimpleTest]]: [MySQL] 32,981 pass(es).
[ View ]

Replaced !empty() with isset() + replaced double quotes "" with ''

Status:Active» Needs review

I'm unable to recreate the issue with the current 8.x dev snapshot. I tested against 2 sites: one with a browser password required and another publicly available one. I took the response of drupal_http_request('http://user:0@site') and output the results using dpm.

On a site with a browser password
When I used the correct user/pass, I got a 200 response ok.
When I used the incorrect user/pass, I get a 401 response (authorization required)
When I use "0" or "" for the password, I also get a 401 response.

On a site without a browser password, there is never an issue.

What response are you getting in order to recreate? Or is there supposed to be a different error than 401?

In order to recreate, user password must be '0' (or '00', or any longer combination).
Without patch, you should get 401, with patch - 200

#5 Thanks. Will retest knowing that.

Code looks fine but this should be tested.
EDIT: Tested as in tested manually. I don't think we can write automated tests for drupal_http_request()

Status:Needs review» Reviewed & tested by the community

cool. It works now. Unless anyone can think of a situation where isset would be inappropriate, marking reviewed and tested by the community.

Issue tags:+needs backport to D7

Same patch applies to D7 as well, adding 'needs backport to D7'

Status:Reviewed & tested by the community» Fixed

Committed to 7.x and 8.x. Thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.