php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45361 IE / IIS Double form post in case of redirection
Submitted: 2008-06-25 22:26 UTC Modified: 2008-07-04 09:38 UTC
From: ssruprai at hotmail dot com Assigned:
Status: Not a bug Package: IIS related
PHP Version: 5.2.6 OS: Windows 2003, XP
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ssruprai at hotmail dot com
New email:
PHP Version: OS:

 

 [2008-06-25 22:26 UTC] ssruprai at hotmail dot com
Description:
------------
I am facing a strange problem of IE double posting in case of self post.  PHP 5.2.6 / IIS 5.1 on windows XP.
 
Before starting I must tell you that:
 
It works with firefox, Apache / PHP combination.
It works with IE / Apache / PHP combination
It works with firefox / IIS / PHP Combination
But it DOES NOT work with  IE/PHP/ IIS
 
 This seems to be the case case with all IE versions (specially IE 6) and it happens on even the windows 2003 server.
 
 I have a form with just one field which uploads a single file and posts  back to same PHP file. The file is a csv file and it is properly read and inserted into database. After it is successfully inserted I issue a redirect to some other page using header("Location:other_page.php"). When the header is executed the form is posted again.


I know that it was posted twice because when I see the database the records are inserted twice.

I am not sure if it is IIS, PHP or IE Problem.
 
This is not the first time I have experienced this. I had earlier faced the similar double post problem in case of self post (WITHOUT USING REDIRECT header but this seems to have been resolved with latest php ISAPI version. At that time I just switched to apache as most hosting servers were linux and there was no problem). 

But now the problem is that production server is Windows 2003 server with IIS. (The version of PHP IIS or windows shouldn't not matter though)

My application is using all sorts of libraries, from pear db, quickform to 
smarty so I have just created a simple upload form . Which does nothing but logs the access to find out about double 
post.

I had tried many different php versions and all produced same result. I have created a simple form for testing. If you'll upload a small text file you'll see 
that there are two entries in log file for one access.

The platform to test is IIS (ISAPI) php 5 and Internet explorer 6.  (IE 7 
may not post values twice but it will display some page not found error.)



Reproduce code:
---------------
<?php
set_time_limit ( 300); 

if (@$_POST['submitted'] == 'yes')
{
	$csv_file = $_FILES['csv_file'];
	if ($csv_file['size'] > 0)
	{		
		
		$fp = fopen('access.txt', 'a');
		fwrite($fp, 'Accessed at '. date('d-m-y H:i:s u'). "\r\n");
		fclose($fp);
	
		header('Location:http://www.google.com');
		exit;
		
		/* if instead of above header, javascript redirect is used then it is not posted twice */
		
		/*echo "<script language='javascript'>\n";
		echo "location.replace('http://www.google.com');\n";
		echo "</script>";*/
				
	}				
	else if ($csv_file['error'] == UPLOAD_ERR_FORM_SIZE || $csv_file['error'] == UPLOAD_ERR_INI_SIZE)
	{
		$error = "File size exceeds max allowed size of whatever";
	
	}
	else
	{
		$error = "There was error in uploading your file.";
	
	}	

}

?>
<html>
<head>
<title>
test
</title>
</head>
<body>
<?php
if (isset($error))
{
	echo "<B>$error</B>";
}
?>
<form method="post" enctype="multipart/form-data">
<input name="MAX_FILE_SIZE" type="hidden" value="5242880" />
<input type="file" name="csv_file" />
<input type="hidden" name="submitted" value="yes" />
<input type="submit" value="Submit" />
</form>
</body>
</html>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-01 09:53 UTC] jani@php.net
Instead of using the (buggy) ISAPI module, use the fastcgi approach instead (supported/preferred also by Microsoft themselves!).
 [2008-07-01 11:12 UTC] ssruprai at hotmail dot com
The production server is a fast cgi windows 2003. Behavior is same.
 [2008-07-02 11:37 UTC] jani@php.net
"It works with firefox, Apache / PHP combination.
It works with IE / Apache / PHP combination"

So it's IIS vs. IE bug. Not PHP problem -> bogus.

 [2008-07-02 12:25 UTC] ssruprai at hotmail dot com
Whatever it is, I am just reporting the problem because it is php header function which is creating this problem.

I think you should test it yourself as I have provided the code to reproduce. Most of the people use IE although PHP is rarely used on Windows.

I think this needs to be solved as it is very common to self post and redirect.
 [2008-07-04 09:38 UTC] ssruprai at hotmail dot com
I think I have found what is causing this double post. It is a sapce between Location: and the url.

Instead of 

header("Location:http://www.google.com");

header("Location: http://www.google.com");

should be used to avoid this double posting.

This seems to have solved the problem.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jul 24 11:01:32 2024 UTC