PHP :: Request #14207 :: HTTP_RAW_POST_DATA not set for known content types

Request #14207	HTTP_RAW_POST_DATA not set for known content types - fix supplied
Submitted:	2001-11-24 08:42 UTC	Modified:	2001-11-24 18:48 UTC
From:	duncan at emarketeers dot com	Assigned:
Status:	Closed	Package:	Feature/Change Request
PHP Version:	4.0.6	OS:	All
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-11-24 08:42 UTC] duncan at emarketeers dot com

The global variable HTTP_RAW_POST_VARS does not get set unless the content-type is unknown to php. This causes problems when a remote server POSTs information which has 

Content-type:application/x-www-form-urlencoded

but the server actually posts something different. 

Using ASP or perl, one can simply open stdin to get the raw data, however this facility does not exist in PHP.

Applications I know of which POST this kind of data include a number of SOAP servers and some credit-card authorizers, notably BarclaysEPDQ. In order to interface to these servers some perl glue is necessary. I know that this issue affects quite a few people - just search for HTTP_RAW_POST_DATA on Google.

The fix is simple - a short patch to main/php_variables.c.

The diff over the code in the 4.0.6 distribution is as follows, complete code for the affected function (php_std_post_handler) is also given.
======== diff ============

197d196
<         char *data;
202,207d200
<         /* Make sure we always set HTTP_RAW_POST_DATA */
<       sapi_read_standard_form_data(SLS_C);
<         data = estrndup(SG(request_info).post_data,SG(request_info).post_data_length);
<         SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, SG(request_info).post_data_length);
<
<


========= end diff ========

====== function ==========
SAPI_POST_HANDLER_FUNC(php_std_post_handler)
{
        char *var, *val;
        char *strtok_buf = NULL;
        char *data;
        zval *array_ptr = (zval *) arg;
        ELS_FETCH();
        PLS_FETCH();

        /* Make sure we always set HTTP_RAW_POST_DATA */
        sapi_read_standard_form_data(SLS_C);
        data = estrndup(SG(request_info).post_data,SG(request_info).post_data_length);
        SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, SG(request_info).post_data_length);


        var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf);

        while (var) {
                val = strchr(var, '=');
                if (val) { /* have a value */
                        int val_len;

                        *val++ = '\0';
                        php_url_decode(var, strlen(var));
                        val_len = php_url_decode(val, strlen(val));
                        php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC);
                }
                var = php_strtok_r(NULL, "&", &strtok_buf);
        }
}

========= end function ============

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-11-24 18:48 UTC] sniper@php.net

This is fixed in latest CVS. Try a snapshot from 
http://snaps.php.net/ and note that you need to set the 
'always_populate_raw_post_data=On' in php.ini.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 18:00:01 2025 UTC