php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69699 file_get_contents("php://input") throws warnings
Submitted: 2015-05-24 14:41 UTC Modified: 2015-05-28 17:30 UTC
From: lewismoten at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: Output Control
PHP Version: 5.6.9 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lewismoten at gmail dot com
New email:
PHP Version: OS:

 

 [2015-05-24 14:41 UTC] lewismoten at gmail dot com
Description:
------------
I have a PHP page where a JSON object is being passed in the raw post data. To get this object, I use file_get_contents("php://input"). I'm getting a warning that in the future, PHP will not support raw streams of input. To get around this issue with the current version, it says I need to update the php.ini file setting for always_populate_raw_post_data. The problem is that the suggested work around is not possible since I do not have access to modify the php.ini file.

Even if I was able to fix this in the php.ini file, I am concerned about the removal of posting raw data to PHP pages in the future.

I would like to turn this warning off in pages that have this problem via ini_set

I also need to be able to continue to post via RAW data to my PHP pages in the future.

Test script:
---------------
// use the post method with raw data (less than 2048 bytes)
// and send to a PHP page with the following code

if($_SERVER['REQUEST_METHOD'] !== 'POST') exit;
if((int) $_SERVER['CONTENT_LENGTH'] > 2048) exit;
$input = file_get_contents("php://input");
$data = json_decode($input);

Expected result:
----------------
No warning message.

Able to receive raw post data.

Actual result:
--------------
Warning is displayed:

Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-24 22:02 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-05-24 22:02 UTC] cmb@php.net
Well, your code is fine, and it will still work with PHP 7.0.0.
The deprecation notice is shown, because the $HTTP__RAW_POST_DATA
and with it the ini setting always_populate_raw_post_data will be
removed from PHP 7.0.0, so everybody using this setting with
either 0 or 1 knows about the issue.

If you don't have access to php.ini to set
always_populate_raw_post_data to -1, you should contact your
server admins (maybe the hosting company).

An alternative is to remove E_DEPRECATED warnings from
error_reporting, what is customary on production systems anyway.
Doing so can be done from PHP as well (see error_reporting()).
 [2015-05-25 14:05 UTC] lewismoten at gmail dot com
Thanks for the response. I did try modifying the error reporting. The problem appears that this depreciation message seems to be written out before the page executes. This appears at the beginning of my file, but I still get the depreciation error written directly to my page, instead of being able to catch it:

error_reporting(E_ERROR);
set_error_handler("onError", E_ALL);

function onError($number, $message, $file, $line) {
	header('Content-type: application/json');
	$o = new stdClass;
	$o->success = false;
	$o->message = $message;
	echo json_encode($o);
	die();
}
 [2015-05-28 17:30 UTC] cmb@php.net
Yes, you're right, the deprecation warning is raised even before
the script executes. So the only way to get rid of the message is
to change the ini settings.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 15:01:32 2024 UTC