|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33006 binary data in $_POST[] is corrupt
Submitted: 2005-05-11 08:19 UTC Modified: 2005-05-11 09:20 UTC
From: billy dot becker at gmail dot com Assigned:
Status: Not a bug Package: Variables related
PHP Version: 5.0.3 OS: gentoo linux 2.4.28-gentoo-r2
Private report: No CVE-ID: None
 [2005-05-11 08:19 UTC] billy dot becker at gmail dot com
I have a form that submits a wavfile as a variable. The form uses enctype application/form-data-urlencoded. Normal variables (integer and string) get tranmitted fine and I can access them normally from $_POST. 
However, my wavfile is coming through corrupt. The bug is that although the documentation says that PHP does only a urldecode before populating the $_POST array, something else must be happening in addition.

However, If I manually parse the $HTTP_RAW_POST_DATA string, I can pull my data out, urldecode() it, and the data is fine. When I compare the urldecoded RAW_POST_DATA to the $_POST data, I find that the $_POST data has man low-bit characters replaced with high-bit characters, and the $_POST data has about 200bytes of extra information strewn throughout the string. 

So, the data is getting transmitted to the server fine, and PHP see's it fine, but it does something when it puts it into the $_POST array to corrupt the data.

I started a thread on comp.lang.php named "how does PHP5 process POST data in creating $_POST array?"
this link may or may not work:

I'm not sure how you will be able to reproduce the error without having access to a source that will send wav data as a form variable. 

Let me know if there is anything else I can do or give you to help fix this bug.

Reproduce code:
Assuming you have a source that has posted a wav file with the variable name: message

this code will show you the difference:

function &parse_http_raw_post_data(&$data, $split1str = '&', $split2str = '=')
           $split1dat = explode($split1str, $data);
           $num = count($split1dat);
           if (! $num) { return false; }
           for ($i = 0; $i < $num; $i++) {
               $split2dat=explode($split2str, $split1dat[$i]);
               $ret[$split2dat[$i]] = $split2dat[$i + 1];
           return $ret;



file_put_contents("$writepath/$filename-raw.wav", $wavdata);
file_put_contents("$writepath/$filename-post.wav", $postdata);
file_put_contents("$writepath/$filename-u.wav",   urldecode($wavdata));

Expected result:
wavdata and postdata should be exactly the same.

Actual result:
wavdata contains: RIFFF?WAVEfmt @data ???????????????....

postdata contains: RIFFF?\0\0WAVEfmt \0\0\0\0\0@\0\0@\0\0\\0\0\0data ?\....

there's a lot more to the output, but that's the gist of it. PHP is inserting lots of \0 where it doesn't need to be.

I can send you the two files to compare if you wish.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-11 09:20 UTC] billy dot becker at gmail dot com
I am retarded. I didn't fully understand magic quotes until i reread the manual. GPC magic quotes was set to on, and so all my NULLS (0x00) were getting escaped. I turned GPC magic quotes off in my php.ini and tested it and $_POST['message'] was not corrupt.

I'm setting this bug to bogus now.

Obligatory "RTFM" accepted.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue May 28 18:01:32 2024 UTC