Yet another example of empty("0") returning TRUE and causing issues.

  // If the server URL has a user then attempt to use basic authentication.
  if (isset($uri['user'])) {
    $options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));

$uri['pass'] comes from parsing the URL, so something like this will demonstrate the issue:

#2 empty-password-http-request-1282986-2.patch691 bytesvalthebald
PASSED: [[SimpleTest]]: [MySQL] 32,981 pass(es). View
Members fund testing for the Drupal project. Drupal Association Learn more


lyricnz’s picture

Issue tags: +Novice

Code should probably check for array_key_exists()

valthebald’s picture

691 bytes
PASSED: [[SimpleTest]]: [MySQL] 32,981 pass(es). View

Replaced !empty() with isset() + replaced double quotes "" with ''

valthebald’s picture

Status: Active » Needs review
rickmanelius’s picture

I'm unable to recreate the issue with the current 8.x dev snapshot. I tested against 2 sites: one with a browser password required and another publicly available one. I took the response of drupal_http_request('http://user:0@site') and output the results using dpm.

On a site with a browser password
When I used the correct user/pass, I got a 200 response ok.
When I used the incorrect user/pass, I get a 401 response (authorization required)
When I use "0" or "" for the password, I also get a 401 response.

On a site without a browser password, there is never an issue.

What response are you getting in order to recreate? Or is there supposed to be a different error than 401?

valthebald’s picture

In order to recreate, user password must be '0' (or '00', or any longer combination).
Without patch, you should get 401, with patch - 200

rickmanelius’s picture

#5 Thanks. Will retest knowing that.

tstoeckler’s picture

Code looks fine but this should be tested.
EDIT: Tested as in tested manually. I don't think we can write automated tests for drupal_http_request()

rickmanelius’s picture

Status: Needs review » Reviewed & tested by the community

cool. It works now. Unless anyone can think of a situation where isset would be inappropriate, marking reviewed and tested by the community.

valthebald’s picture

Issue tags: +needs backport to D7

Same patch applies to D7 as well, adding 'needs backport to D7'

Dries’s picture

Status: Reviewed & tested by the community » Fixed

Committed to 7.x and 8.x. Thanks!

Automatically closed -- issue fixed for 2 weeks with no activity.