+2006-04-09 Alexey Proskuryakov <ap@nypop.com>
+
+ Reviewed by Darin.
+
+ - test for http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
+ XMLHttpRequest ignores username/password passed to open()
+
+ * http/tests/xmlhttprequest/basic-auth-expected.txt: Added.
+ * http/tests/xmlhttprequest/basic-auth.html: Added.
+ * http/tests/xmlhttprequest/resources/basic-auth.php: Added.
+
2006-04-09 Darin Adler <darin@apple.com>
Reviewed by Anders.
--- /dev/null
+Tests for bug 7877: XMLHttpRequest ignores username/password passed to open()
+
+sync: User: sync, password: 123.
+sync2: User: sync2, password: 123.
+sync3: User: sync3, password: 123.
+sync4: User: sync4, password: 123.
+async: User: async, password: 123.
+async2: User: async2, password: 123.
+async3: User: async3, password: 123.
+async4: User: async4, password: 123.
--- /dev/null
+<html>
+<body>
+<p>Tests for <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=7877">bug 7877</a>:
+XMLHttpRequest ignores username/password passed to open()
+<script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ var console_messages = document.createElement("ol");
+ document.body.appendChild(console_messages);
+
+ function log(message)
+ {
+ var item = document.createElement("li");
+ item.appendChild(document.createTextNode(message));
+ console_messages.appendChild(item);
+ }
+
+ // sync
+ req = new XMLHttpRequest;
+ req.open("GET", "resources/basic-auth.php?uid=sync", false, "sync", "123");
+ req.send("");
+ log('sync: ' + req.responseText);
+
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync2"), false, "sync2", "123");
+ req.send("");
+ log('sync2: ' + req.responseText);
+
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync3").replace("http://", "http://sync3:123@"), false);
+ req.send("");
+ log('sync3: ' + req.responseText);
+
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=sync4").replace("http://", "http://incorrect:incorrect@"), false, "sync4", "123");
+ req.send("");
+ log('sync4: ' + req.responseText);
+
+ // async
+ var asyncStep = 1;
+
+ req.onreadystatechange = processStateChange;
+ req.open("GET", "resources/basic-auth.php?uid=async", true, "async", "123");
+ req.send("");
+
+ function processStateChange() {
+
+ if (req.readyState == 4){
+ if (req.status == 200){
+ if (asyncStep == 1) {
+ asyncStep = 2;
+ log('async: ' + req.responseText);
+ req.onreadystatechange = processStateChange;
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async2"), true, "async2", "123");
+ req.send("");
+ } else if (asyncStep == 2) {
+ asyncStep = 3;
+ log('async2: ' + req.responseText);
+ req.onreadystatechange = processStateChange;
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async3").replace("http://", "http://async3:123@"), true, "async3", "123");
+ req.send("");
+ } else if (asyncStep == 3) {
+ asyncStep = 4;
+ log('async3: ' + req.responseText);
+ req.onreadystatechange = processStateChange;
+ req.open("GET", document.URL.replace("basic-auth.html", "resources/basic-auth.php?uid=async4").replace("http://", "http://incorrect:incorrect@"), true, "async4", "123");
+ req.send("");
+ } else if (asyncStep == 4) {
+ log('async4: ' + req.responseText);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+ }
+ }
+
+</script>
+</body>
+</html>
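Review bot: In `processStateChange`, a request that completes with a status other than 200 falls through without logging anything or calling `notifyDone()`, so a regression in the async path shows up as a harness timeout rather than a readable text diff. An `else` on the `req.status == 200` check would make the failure explicit, for example `else { log('async step ' + asyncStep + ' failed, status ' + req.status); if (window.layoutTestController) layoutTestController.notifyDone(); }`. The async3 step also passes `"async3", "123"` to `open()` as well as embedding them in the URL, whereas sync3 relies on the URL alone, so URL-only credentials are not exercised asynchronously. Separately, `req` is assigned without `var` and becomes an implicit global.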
--- /dev/null
+<?php
+ if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_REQUEST['uid']) || ($_REQUEST['uid'] != $_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="WebKit Test Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Authentication canceled';
+ exit;
+ } else {
+ echo "User: {$_SERVER['PHP_AUTH_USER']}, password: {$_SERVER['PHP_AUTH_PW']}.";
+ }
+?>
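Review bot: The success branch echoes `PHP_AUTH_USER` and `PHP_AUTH_PW` into a response that PHP serves as text/html unless told otherwise, so any markup in the supplied credentials is reflected unescaped to whoever loads this resource directly. The test only reads `responseText`, so adding `header('Content-Type: text/plain');` before the `echo` keeps the expected output identical while removing the reflection. The guard also compares only `uid` with the user name and accepts any password; a one-line comment such as `// Any password is accepted; the test checks it through the echoed text.` would stop a reader from assuming the password is validated server-side.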
+2006-04-09 Alexey Proskuryakov <ap@nypop.com>
+
+ Reviewed by Darin.
+
+ - fix http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
+ XMLHttpRequest ignores username/password passed to open()
+
+ Test: http/tests/xmlhttprequest/basic-auth.html
+
+ * platform/KURL.cpp:
+ (KURL::setUser): Enable a code path that handles non-empty user name -
+ it was already present, but commented out and protected with an assertion.
+ (KURL::setPass): Ditto.
+
2006-04-09 Darin Adler <darin@apple.com>
Reviewed by Anders.
DeprecatedString u;
int end = userEndPos;
if (!user.isEmpty()) {
- // Untested code, but this is never used.
- ASSERT_NOT_REACHED();
-#if 0
u = user;
- if (userStartPos == schemeEndPos + 1) {
+ if (userStartPos == schemeEndPos + 1)
u = "//" + u;
- }
// Add '@' if we didn't have one before.
- if (end == hostEndPos || (end == passwordEndPos && urlString[end] != '@')) {
+ if (end == hostEndPos || (end == passwordEndPos && urlString[end] != '@'))
u += '@';
- }
-#endif
} else {
// Remove '@' if we now have neither user nor password.
- if (userEndPos == passwordEndPos && end != hostEndPos && urlString[end] == '@') {
+ if (userEndPos == passwordEndPos && end != hostEndPos && urlString[end] == '@')
end += 1;
- }
}
const DeprecatedString newURL = urlString.left(userStartPos) + u + urlString.mid(end);
parse(newURL.ascii(), &newURL);
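Review bot: `user` is spliced into the URL text as-is (`u = user;`) and the result is re-parsed, so a value containing '@', ':', '/', '?' or '#' would move the point where `parse()` ends the userinfo and starts the host. The KURL::setPass hunk that follows has the same issue with `p = ':' + password + '@';`. Per the ChangeLog these paths are now reached from the `XMLHttpRequest.open()` arguments, which page script controls, so the values should be percent-encoded before concatenation unless the caller already guarantees it. If it does, state the precondition at both sites, e.g. `// user must already be percent-encoded; reserved characters would change how parse() splits the authority`. The new layout test uses only alphanumeric credentials, so a case with a reserved character would pin the intended behaviour; both function bodies begin outside the visible hunk lines.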
DeprecatedString p;
int end = passwordEndPos;
if (!password.isEmpty()) {
- // Untested code, but this is never used.
- ASSERT_NOT_REACHED();
-#if 0
p = ':' + password + '@';
- if (userEndPos == schemeEndPos + 1) {
+ if (userEndPos == schemeEndPos + 1)
p = "//" + p;
- }
// Eat the existing '@' since we are going to add our own.
- if (end != hostEndPos && urlString[end] == '@') {
+ if (end != hostEndPos && urlString[end] == '@')
end += 1;
- }
-#endif
} else {
// Remove '@' if we now have neither user nor password.
- if (userStartPos == userEndPos && end != hostEndPos && urlString[end] == '@') {
+ if (userStartPos == userEndPos && end != hostEndPos && urlString[end] == '@')
end += 1;
- }
}
const DeprecatedString newURL = urlString.left(userEndPos) + p + urlString.mid(end);
parse(newURL.ascii(), &newURL);