PHP cURL: Max Length on CURLOPT_USERPWD?

Question

I have a simple GET request in PHP using cURL. It is using basic auth for authentication.

However when the {username}:{password} is longer than 266 characters, it appears to be getting truncated. I looked everywhere but haven't found any documentation stating this. Is it just me?

$data = curl_init($url);

curl_setopt($data, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($data, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

$results = curl_exec($data);

echo $results;

curl_close($data);

I googled for all RCFs and there seems to be no limit on password according to what I have found. +1 for this question. — eisberg, Nov 29 '12 at 13:53

gries · Accepted Answer · 2012-12-06T08:46:50.447

1

I'm not a C expert but I found the following code in the CURL source (!NOT the php extension but the original curl) Looks like CURL only allocates 256byte for the password.

EDIT Removed the old code, because as Daniel Steinberg stated below this code is not used anymore.

edited Dec 06 '12 at 08:46

answered Nov 29 '12 at 13:42

gries

1,135
6
29

4

that is *not* verbatim code from any current libcurl version - but the limit is still 256 as it is a limitation in the libcurl code – Daniel Stenberg Nov 29 '12 at 17:22

PHP cURL: Max Length on CURLOPT_USERPWD?

1 Answers1

Linked