PHP :: Bug #51198 :: POSTing performs a GET with option CURLOPT

Bug #51198	POSTing performs a GET with option CURLOPT_NOBODY=0
Submitted:	2010-03-03 17:14 UTC	Modified:	2012-09-28 17:25 UTC
From:	philippe dot gablain at gmail dot com	Assigned:	pierrick (profile)
Status:	Closed	Package:	cURL related
PHP Version:	5.2.13	OS:	Linux (ubuntu 9.10 FRA)
Private report:	No	CVE-ID:	None

View Developer Edit

[2010-03-03 17:14 UTC] philippe dot gablain at gmail dot com

Description:
------------
POSTing performs a GET. Seems to be related to option CURLOPT_NOBODY=0 as used in twitter's PHP clients like PHP_Twitter.

Removing this option corrects the issue. I'm not sure this is a bug, but I think this still is an issue that needs (at least) to be documented.

Test script:
---------------
$headers=array('Expect:', 'X-Twitter-Client: ','X-Twitter-Client-Version: ','X-Twitter-Client-URL: ');

$ch = curl_init();

curl_setopt($ch,CURLOPT_URL,"http://twitter.com/statuses/update.json");
curl_setopt ($ch, CURLOPT_POST, true);
//curl_setopt ($ch, CURLOPT_HTTPGET, false); - Does not affect behaviour
curl_setopt ($ch, CURLOPT_POSTFIELDS, array('status'=>'hello world');
        
curl_setopt($ch, CURLOPT_USERPWD, 'twitter_user:twitter_pass');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_NOBODY, 0);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLINFO_HEADER_OUT,true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);
        
$t=curl_getinfo($ch);
curl_close($ch);

echo $t;

Expected result:
----------------
HTTP/1.1 200 OK Date: Wed, 03 Mar 2010 16:10:15 GMT Server: hi Status: 200 OK X-Transaction: ... ETag: "..." Last-Modified: Wed, 03 Mar 2010 16:10:15 GMT X-Runtime: 0.08590 Content-Type: application/json; charset=utf-8 Content-Length: 1113 Pragma: no-cache X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Set-Cookie: guest_id= ... ; path=/ Set-Cookie: lang=fr; path=/ Set-Cookie: _twitter_sess= ... ; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close 

.... (HTTP response Body) ...

Actual result:
--------------
HTTP/1.1 400 Bad Request Date: Wed, 03 Mar 2010 15:57:37 GMT Server: hi Status: 400 Bad Request X-Transaction: ... X-RateLimit-Limit: 150 Last-Modified: Wed, 03 Mar 2010 15:57:37 GMT X-RateLimit-Remaining: 149 X-Runtime: 0.10008 Content-Type: application/json; charset=utf-8 Content-Length: 82 Pragma: no-cache X-RateLimit-Class: api X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 X-RateLimit-Reset: 1267635457 Set-Cookie: guest_id= ... ; path=/ Set-Cookie: lang=fr; path=/ Set-Cookie: _twitter_sess= ... ; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close {"request":"/statuses/update.json","error":"Cette m\u00e9thode requiert un POST."}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-03-04 13:48 UTC] iliaa@php.net

-Status: Open +Status: Bogus

[2010-03-04 13:48 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

You cannot do a POST without a body.

[2010-03-04 14:18 UTC] philippe dot gablain at gmail dot com

Hello,

You're right, a POST without a body is not a POST.

But in my example CURLOPT_NOBODY is set to FALSE. I don't know why PHP-Twitter API set this parameter to false (a simple turnarround is just to not set the option), but setting "NO NOBODY=YES BODY" should not modify the POST into GET, no ?

Documentation actually says "CURLOPT_NOBODY  	 TRUE to exclude the body from the output. Request method is then set to HEAD. Changing this to FALSE does not change it to GET."

[2010-03-04 14:21 UTC] pajoye@php.net

-Status: Bogus +Status: To be documented

[2010-03-04 14:21 UTC] pajoye@php.net

Can someone from the doc team verify that the doc is clear enough about this behavior? Thanks :)

[2012-09-28 17:25 UTC] pierrick@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pierrick

[2012-09-28 17:25 UTC] pierrick@php.net

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Closing the bug. The documentation specify that the request method will be set to 
HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 05:00:02 2025 UTC