php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #51191 Request body is 0-size when chunked requests are used
Submitted: 2010-03-03 05:55 UTC Modified: 2021-11-27 19:44 UTC
Votes:9
Avg. Score:4.7 ± 0.5
Reproduced:9 of 9 (100.0%)
Same Version:2 (22.2%)
Same OS:4 (44.4%)
From: evert at rooftopsolutions dot nl Assigned:
Status: Open Package: CGI/CLI related
PHP Version: 5.3.1 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: evert at rooftopsolutions dot nl
New email:
PHP Version: OS:

 

 [2010-03-03 05:55 UTC] evert at rooftopsolutions dot nl
Description:
------------
Disclaimer: I'm not 100% sure if this is a PHP-FCGI bug.

When (PUT-) HTTP requests are made and encoded as Transfer-Encoding: Chunked, PHP never receives the request body, e.g.:

echo strlen(fopen('php://input','r')); will yield 0.

Chunked Transfer Encoding is used by the OS/X Finder WebDAV client. It works correctly when mod_php is used, but fails with FastCGI.

Nginx and Lighttpd don't support this at all, and return 411 Length Required, which still sucks, but is better than silently failing.


Test script:
---------------
echo strlen(fopen('php://input','r'));

Expected result:
----------------
size of the request body

Actual result:
--------------
0

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-03-03 10:18 UTC] jani@php.net
-Operating System: Any +Operating System: *
 [2010-08-04 08:05 UTC] jpa at php dot mail dot kapsi dot fi
Here is a test case for the bug, using netcat to send the request:
http://koti.kapsi.fi/~jpa/stuff/other/php-chunked-test.tgz

A simple bash cgi script correctly receives the request, so the problem is with PHP's CGI and FCGI interfaces. Instead of requiring a CONTENT_LENGTH header, PHP should simply read to EOF on stdin when TRANSFER_ENCODING is chunked.
 [2010-08-04 09:14 UTC] evert at rooftopsolutions dot nl
I can confirm this is only happening for CGI and FastCGI.

Nginx and Lighttpd don't seem to support this feature at all, and simply return 411 Length Required, but with Apache the request goes through but PHP ends up with an empty request body.
 [2010-11-24 10:34 UTC] jani@php.net
-Package: Apache2 related +Package: CGI related
 [2021-09-15 07:11 UTC] tim dot siebels at iserv dot eu
We are encountering this issue when disabling fastcgi_request_buffering in nginx.
Apparently, others are too [0,1]. The older bug [1] led to apache "fixing" this issue by buffering all chunked requests.

I've opened a thread on the nginx mailinglist [2] regarding this. The assessment there is, that fastcgi is a inherently chunked protocol and thus php should not depend on the CONTENT_LENGTH variable, and rather read out all the fastcgi records to get the body.

How do you feel about this? Do you agree that this should be fixed in php?

[0] https://trac.cyberduck.io/wiki/help/en/howto/mount/issues/fastcgi
[1] https://bugs.php.net/bug.php?id=60826
[2] http://mailman.nginx.org/pipermail/nginx/2021-September/061029.html
 [2021-09-23 11:01 UTC] tim dot siebels at iserv dot eu
The following pull request has been associated:

Patch Name: Fixed reading in streamed body using fastcgi
On GitHub:  https://github.com/php/php-src/pull/7509
Patch:      https://github.com/php/php-src/pull/7509.patch
 [2021-09-23 11:40 UTC] cmb@php.net
See <https://bugs.php.net/bug.php?id=60826#1582825832>.  However,
the FastCGI specs are less clear on that, and I tend to agree that
it makes sense to support chunked requests.
 [2021-11-27 19:44 UTC] bukka@php.net
I think FastCGI spec is quite clear about using CGI/1.1 in responder - see http://www.mit.edu/~yandros/doc/specs/fcgi-spec.html#S6.2 . It means that CONTENT_LENGTH is required by spec because it is required by CGI/1.1. Thus I don't think this is a bug and to change that, we would need to change a spec.
 [2021-11-30 08:02 UTC] tim dot siebels at iserv dot eu
Thanks! As a result, I raised these concerns here: https://trac.nginx.org/nginx/ticket/2287
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC