Please strip PHP_AUTH_PW from $_SERVER environment

Question

Please strip PHP_AUTH_PW from $_SERVER environment

Closed this issue 14 years ago · 1 comments

In ExceptionalEnvironment::to_array you remove some keys and values from the $_SERVER . Please add PHP_AUTH_PW to the list of keys that are stripped to prevent HTTP Auth passwords from being sent to Exceptional. http://php.net/manual/en/features.http-auth.php

Answer 1 · 2011-03-14T06:47:43.000Z

Definitely a good idea. Thanks.