php5-curl: Curl truncates basic auth password after semicolon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php5 (Debian) |
Fix Released
|
Unknown
|
|||
php5 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Hi there,
I'm not sure where to report this bug, if it's Ubuntu, Debian or curl.
I'm using newest stable Ubuntu 13.10 with PHP 5.5.3-1ubuntu2.1. Basic authentication via curl does not work anymore if the password contains a semicolon:
$curlSettings[
$curlSettings[
$curl = curl_init('http://
// content: echo 'Password: '.$_SERVER[
curl_setopt_
curl_exec($curl);
It outputs just "pass" instead of "pass;word".
The same happens if you do this on a command line:
curl --basic --user "1testuser:
The problem seems to be the curl version that is used. I did a few tests:
not affected: 5.4.14 (curl 7.19.7)
affected: 5.5.3-1ubuntu2.1 (curl 7.32.0)
not affected: 5.5.3 (curl 7.22.0)
affected: 5.5.9 (curl 7.32.0)
not affected: 5.5.9 (curl 7.22.0)
not affected: 5.6-alpha2 (curl 7.22.0)
The problem seems to be curl 7.32.0 (plus maybe versions before and after)
While searching for that bug I just found 1 occurrence, but I cannot believe hat it has not been fixed since July 2013.
https:/
Maybe you can tell me where to report this bug so it gets fixed in current stable Ubuntu 13.10.
Michael
Changed in php5 (Debian): | |
status: | Unknown → New |
Changed in php5 (Debian): | |
status: | New → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
> Maybe you can tell me where to report this bug so it gets fixed in current stable Ubuntu 13.10.
I'm sorry that this bug hasn't yet been fixed for you. Reporting a bug doesn't by itself mean that the bug will necessarily be fixed, since this requires developer resource, which is limited and must be prioritised. This is generally done on the perception of how many users are affected, which here appears to be two users in six months. If you'd like to get the bug fixed to your schedule, then please provide a patch, or find somebody who can - ideally to Debian, so that both distributions can benefit.