PHP :: Bug #12426 :: Critical PHP bug while processing big POST data (>10K)

Bug #12426	Critical PHP bug while processing big POST data (>10K)
Submitted:	2001-07-27 10:57 UTC	Modified:	2001-10-29 02:12 UTC
From:	dk at dklab dot ru	Assigned:
Status:	Closed	Package:	HTTP related
PHP Version:	4.0.6	OS:	RedHat Linux 7.0 2.2.16-22smp
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-07-27 10:57 UTC] dk at dklab dot ru

I have configured PHP4 to process POST data less than 8000000 (phpinfo() reports that, see below). When I use the following script and enter a large block of text in the form, PHP4 cuts it off. Please test

http://www.dklab.ru/test.php (with phpinfo() call, form at the bottom of the file)
http://dklab.ru/content.txt (the file I am inserting - please test it)

Here is the script:

<?
show_source("test.php");
echo @$text;
?>

<form action=test.php method=post>
<textarea cols=60 rows=10 name=text wrap=virtual>
    <?$f=fopen("content.txt","r"); echo fread($f,100000)?>
</textarea><br>
<input type=submit name=go value="Go!">
</form>

I have encountered that use of multipart/form-data forms solves this problem, but usual POST forms does not work correctly. PHP3 also work correct with such forms.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-08-02 19:16 UTC] dk at dklab dot ru

Well, some days ago I had tried to patch PHP myself. No result :-( I have found that PHP does not get POST data larger than about 4000 bytes (3996). There is a constant in SAPI.h:

#define SAPI_POST_BLOCK_SIZE 4000

I understand that this constant explains the block size, which is used by PHP to read data from stdin in function:

SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
in SAPI.c.

It is very VERY weird, but when I set SAPI_POST_BLOCK_SIZE to, for example, 10000, POST data is cutted by 4000 bytes again (not 10000, as I expected)! It looks like there is no bug in block-oriented algorythm of POST reading, but then why 4000?..

PS:
you think that it is HTTP-related bug? I don't think so: PHP3 works correctly...

[2001-08-02 19:46 UTC] rasmus@php.net

Must be something related to that russian module you have loaded in your Apache

[2001-08-02 21:16 UTC] dk at dklab dot ru

Oh, you are right, Rasmus! Thanks a lot.

I tried to set Russian Apache 1.3.20 (my old version was 1.3.14) and test PHP under it. Big POST transfer works correctly! But then my Apache had died (oh, too many made-by-hand patches, iI think), it is only my problem, I suppose.

But I do not understand, why PHP3 works correctly, but PHP4 does not?..

[2001-10-29 02:12 UTC] sniper@php.net

Propably your patching had gone too far? :)
The HTTP upload is rewritten now in CVS. You could try
the latest CVS snapshot from http://snaps.php.net/
And also get fresh sources of Apache too.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri May 09 08:01:35 2025 UTC