PHP :: Bug #51198 :: POSTing performs a GET with option CURLOPT

Bug #51198	POSTing performs a GET with option CURLOPT_NOBODY=0
Submitted:	2010-03-03 17:14 UTC	Modified:	2012-09-28 17:25 UTC
From:	philippe dot gablain at gmail dot com	Assigned:	pierrick (profile)
Status:	Closed	Package:	cURL related
PHP Version:	5.2.13	OS:	Linux (ubuntu 9.10 FRA)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	philippe dot gablain at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2010-03-03 17:14 UTC] philippe dot gablain at gmail dot com

Description:
------------
POSTing performs a GET. Seems to be related to option CURLOPT_NOBODY=0 as used in twitter's PHP clients like PHP_Twitter.

Removing this option corrects the issue. I'm not sure this is a bug, but I think this still is an issue that needs (at least) to be documented.

Test script:
---------------
$headers=array('Expect:', 'X-Twitter-Client: ','X-Twitter-Client-Version: ','X-Twitter-Client-URL: ');

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,"http://twitter.com/statuses/update.json");
curl_setopt ($ch, CURLOPT_POST, true);
//curl_setopt ($ch, CURLOPT_HTTPGET, false); - Does not affect behaviour
curl_setopt ($ch, CURLOPT_POSTFIELDS, array('status'=>'hello world');
        
curl_setopt($ch, CURLOPT_USERPWD, 'twitter_user:twitter_pass');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_NOBODY, 0);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLINFO_HEADER_OUT,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);
        
$t=curl_getinfo($ch);
curl_close($ch);

echo $t;

Expected result:
----------------
HTTP/1.1 200 OK Date: Wed, 03 Mar 2010 16:10:15 GMT Server: hi Status: 200 OK X-Transaction: ... ETag: "..." Last-Modified: Wed, 03 Mar 2010 16:10:15 GMT X-Runtime: 0.08590 Content-Type: application/json; charset=utf-8 Content-Length: 1113 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Set-Cookie: guest_id= ... ; path=/ Set-Cookie: lang=fr; path=/ Set-Cookie: _twitter_sess= ... ; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close 

.... (HTTP response Body) ...

Actual result:
--------------
HTTP/1.1 400 Bad Request Date: Wed, 03 Mar 2010 15:57:37 GMT Server: hi Status: 400 Bad Request X-Transaction: ... X-RateLimit-Limit: 150 Last-Modified: Wed, 03 Mar 2010 15:57:37 GMT X-RateLimit-Remaining: 149 X-Runtime: 0.10008 Content-Type: application/json; charset=utf-8 Content-Length: 82 Pragma: no-cache X-RateLimit-Class: api X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 X-RateLimit-Reset: 1267635457 Set-Cookie: guest_id= ... ; path=/ Set-Cookie: lang=fr; path=/ Set-Cookie: _twitter_sess= ... ; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close {"request":"/statuses/update.json","error":"Cette m\u00e9thode requiert un POST."}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-03-04 13:48 UTC] iliaa@php.net

-Status: Open +Status: Bogus

[2010-03-04 13:48 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

You cannot do a POST without a body.

[2010-03-04 14:18 UTC] philippe dot gablain at gmail dot com

Hello,

You're right, a POST without a body is not a POST.

But in my example CURLOPT_NOBODY is set to FALSE. I don't know why PHP-Twitter API set this parameter to false (a simple turnarround is just to not set the option), but setting "NO NOBODY=YES BODY" should not modify the POST into GET, no ?

Documentation actually says "CURLOPT_NOBODY  	 TRUE to exclude the body from the output. Request method is then set to HEAD. Changing this to FALSE does not change it to GET."

[2010-03-04 14:21 UTC] pajoye@php.net

-Status: Bogus +Status: To be documented

[2010-03-04 14:21 UTC] pajoye@php.net

Can someone from the doc team verify that the doc is clear enough about this behavior? Thanks :)

[2012-09-28 17:25 UTC] pierrick@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pierrick

[2012-09-28 17:25 UTC] pierrick@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Closing the bug. The documentation specify that the request method will be set to 
HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 13:01:28 2025 UTC