php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #12426 Critical PHP bug while processing big POST data (>10K)
Submitted: 2001-07-27 10:57 UTC Modified: 2001-10-29 02:12 UTC
From: dk at dklab dot ru Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.0.6 OS: RedHat Linux 7.0 2.2.16-22smp
Private report: No CVE-ID: None
 [2001-07-27 10:57 UTC] dk at dklab dot ru
I have configured PHP4 to process POST data less than 8000000 (phpinfo() reports that, see below). When I use the following script and enter a large block of text in the form, PHP4 cuts it off. Please test

http://www.dklab.ru/test.php (with phpinfo() call, form at the bottom of the file)
http://dklab.ru/content.txt (the file I am inserting - please test it)

Here is the script:

<?
show_source("test.php");
echo @$text;
?>

<form action=test.php method=post>
<textarea cols=60 rows=10 name=text wrap=virtual>
    <?$f=fopen("content.txt","r"); echo fread($f,100000)?>
</textarea><br>
<input type=submit name=go value="Go!">
</form>

I have encountered that use of multipart/form-data forms solves this problem, but usual POST forms does not work correctly. PHP3 also work correct with such forms.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-08-02 19:16 UTC] dk at dklab dot ru
Well, some days ago I had tried to patch PHP myself. No result :-( I have found that PHP does not get POST data larger than about 4000 bytes (3996). There is a constant in SAPI.h:

#define SAPI_POST_BLOCK_SIZE 4000

I understand that this constant explains the block size, which is used by PHP to read data from stdin in function:

SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
in SAPI.c.

It is very VERY weird, but when I set SAPI_POST_BLOCK_SIZE to, for example, 10000, POST data is cutted by 4000 bytes again (not 10000, as I expected)! It looks like there is no bug in block-oriented algorythm of POST reading, but then why 4000?..

PS:
you think that it is HTTP-related bug? I don't think so: PHP3 works correctly...
 [2001-08-02 19:46 UTC] rasmus@php.net
Must be something related to that russian module you have loaded in your Apache
 [2001-08-02 21:16 UTC] dk at dklab dot ru
Oh, you are right, Rasmus! Thanks a lot.

I tried to set Russian Apache 1.3.20 (my old version was 1.3.14) and test PHP under it. Big POST transfer works correctly! But then my Apache had died (oh, too many made-by-hand patches, iI think), it is only my problem, I suppose.

But I do not understand, why PHP3 works correctly, but PHP4 does not?..
 [2001-10-29 02:12 UTC] sniper@php.net
Propably your patching had gone too far? :)
The HTTP upload is rewritten now in CVS. You could try
the latest CVS snapshot from http://snaps.php.net/
And also get fresh sources of Apache too.

--Jani

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 05:01:31 2019 UTC