You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/02/01 16:24:03 UTC
DO NOT REPLY [Bug 48652] New: "AuthType form" fails if a password
contains '&' sign
https://issues.apache.org/bugzilla/show_bug.cgi?id=48652
Summary: "AuthType form" fails if a password contains '&' sign
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_auth
AssignedTo: bugs@httpd.apache.org
ReportedBy: mike.fursov@gmail.com
When I use '&' (ampersand) sign in a user's password "AuthType form" fails to
authenticate a user.
The configuration example is below.
If I change AuthType to Basic the authentication works, so I think this is a
bug in mod_auth_form.
<Location /test>
Require valid-user
ErrorDocument 401 /test-login
AuthType form
AuthName inline
AuthFormProvider ldap
AuthLDAPURL
"ldap://192.168.0.100/ou=Users,dc=test,dc=company,dc=com?uid?one"
SessionCryptoPassphrase client-pass
Session On
SessionCookieName clientSSOpass path=/;httponly;secure;Version=1;
SessionMaxAge 0
AuthFormFakeBasicAuth On
ProxyPass http://server2:8080/test
ProxyPassReverse http://server2:8080/test
RequestHeader unset Accept-Encoding
RequestHeader set SSOHandler true
</Location>
The Apache version I use is 2.3.4, system: Ubuntu 64bit
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48652] "AuthType form" fails if a password
contains '&' sign
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48652
--- Comment #1 from Nick Kew <ni...@webthing.com> 2010-07-04 23:34:31 EDT ---
I suspect this is just a matter of the URLencoding. Probably best just to make
a note in the mod_form docs about avoiding urlencoded chars. I'll do that now.
Leaving the report open, because it could highlight a failure to urldecode
somewhere. I'm not about to go hunting for it now.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org