PHP :: Bug #70028 :: $_POST data being automatically filtered.

Bug #70028	$_POST data being automatically filtered.
Submitted:	2015-07-08 17:17 UTC	Modified:	2015-07-15 14:59 UTC
From:	treboralmasy1 at gmail dot com	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	5.6.10	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	treboralmasy1 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2015-07-08 17:17 UTC] treboralmasy1 at gmail dot com

Description:
------------
When a form is submitted with an empty value $_POST does not add an empty key. Instead it automatically filters it. If data is entered $_POST behaves like normal (populates key and value).
Ie: when no code is entered:
file_get_contents('php://input'):
username=

$_POST:
array()

when username IS entered:
file_get_contents('php://input'):
username=test

$_POST:
array( username=>test)



Test script:
---------------
<form action="" method="POST">
<input type="text" name="username" />
<input type="submit" value="click">
</form>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-07-08 19:22 UTC] cmb@php.net

-Status: Open +Status: Feedback

[2015-07-08 19:22 UTC] cmb@php.net

I'm not able to reproduce the described behavior with the
following self contained test script (PHP 5.6.10, built-in
webserver):

    <?php
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        var_dump($_POST);
        var_dump(file_get_contents('php://input'));
    }
    ?>
    <form action="<?=$_SERVER['PHP_SELF']?>" method="POST">
    <input type="text" name="username">
    <input type="submit" value="click">
    </form>

Which SAPI do you use?

[2015-07-08 21:11 UTC] treboralmasy1 at gmail dot com

-Status: Feedback +Status: Open

[2015-07-08 21:11 UTC] treboralmasy1 at gmail dot com

The SAPI used is CGI PHP.

An example of the problem can be found here:
http://myservicecalls.com/postTest.php

Code in link:
<?php
error_reporting(E_ALL);

$raw_post = file_get_contents('php://input');
echo 'php://input: '.$raw_post;
echo '<br/>';
print_r($_POST);
echo '<br/>';

$sapi_type = php_sapi_name();
if (substr($sapi_type, 0, 3) == 'cgi') {
    echo "You are using CGI PHP\n";
} else {
    echo "You are not using CGI PHP\n";
}
?>

<form action="postTest.php" method="POST">
<input type="text" name="username" />
<input type="submit" value="click">
</form>

[2015-07-09 21:37 UTC] keithm at aoeex dot com

Works for me as well.  Perhaps a problem with your server configuration.  Can you provide specifics about your setup?

tested @ https://aoeex.com/70028/test.php

[2015-07-14 00:25 UTC] treboralmasy1 at gmail dot com

I have contacted my server admin about this and here is all the info they gave, though none of it seems to point to anything specific:


Memory Information
Memory: 16268716k/17301504k available (5336k kernel code, 565380k absent, 467408k reserved, 7016k data, 1292k init)

System Information
Linux server1.commoncoresheets.com 2.6.32-504.1.3.el6.x86_64 #1 SMP Tue Nov 11 17:57:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Physical Disks
sd 0:0:0:0: [sda] 1953525168 512-byte logical blocks: (1.00 TB/931 GiB)
sd 1:0:0:0: [sdb] 1953525168 512-byte logical blocks: (1.00 TB/931 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
sd 1:0:0:0: [sdb] Write Protect is off
sd 1:0:0:0: [sdb] Mode Sense: 00 3a 00 00
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 1:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 0:0:0:0: [sda] Attached SCSI disk
sd 1:0:0:0: [sdb] Attached SCSI disk
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: Attached scsi generic sg1 type 0

Current Memory Usage
total used free shared buffers cached
Mem: 16291120 15542064 749056 4380 470748 10204920
-/+ buffers/cache: 4866396 11424724
Swap: 16433144 32920 16400224
Total: 32724264 15574984 17149280

Current Disk Usage
Filesystem Size Used Avail Use% Mounted on
/dev/md1 908G 55G 808G 7% /
tmpfs 7.8G 0 7.8G 0% /dev/shm
/dev/md0 992M 113M 828M 12% /boot
/dev/sdc1 50G 47G 2.8G 95% /backup

Apache version:
Server version: Apache/2.2.29 (Unix)
Server built: Jul 8 2015 20:42:37
Cpanel::Easy::Apache v3.30.2 rev9999

MySQL version:
Server version: 5.5.42-cll MySQL Community Server (GPL)

PHP version
PHP 5.6.10 (cli) (built: Jul 8 2015 20:45:52)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd., and
with Zend Guard Loader v3.3, Copyright (c) 1998-2014, by Zend Technologies
with Suhosin v0.9.36, Copyright (c) 2007-2014, by SektionEins GmbH

cPanel version
11.50.0 (build 23)

[2015-07-14 02:46 UTC] rasmus@php.net

All 3 of these could be doing it and this is the wrong place to ask about those.

with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd., and
with Zend Guard Loader v3.3, Copyright (c) 1998-2014, by Zend Technologies
with Suhosin v0.9.36, Copyright (c) 2007-2014, by SektionEins GmbH

Disable them one by one and see which one it is.

[2015-07-15 06:56 UTC] treboralmasy1 at gmail dot com

-Status: Open +Status: Closed

[2015-07-15 06:56 UTC] treboralmasy1 at gmail dot com

Yep it was Suhosin that was causing the issue.
My server admin said that the automatic filtering was one of the 'new features' of 5.6.1. Apparently not.
=D

[2015-07-15 14:59 UTC] rasmus@php.net

-Status: Closed +Status: Not a bug

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC