php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53180 post_max_size=0 partly not working
Submitted: 2010-10-27 11:25 UTC Modified: 2010-10-27 16:57 UTC
From: gm at tlink dot de Assigned: cataphract
Status: Closed Package: PHP options/info functions
PHP Version: 5.3.3 OS: FreeBSD 8.1-RELEASE
Private report: No CVE-ID:
 [2010-10-27 11:25 UTC] gm at tlink dot de
Description:
------------
Setting php.ini option post_max_size=0 (for unlimited POSTs since 5.3.2) isn't honoured in some cases. Doing a POST-form upload via curl or browser with a 5GB file works as expected (by setting upload_max_filesize=0 too) but using a login form (see below) results in this error:

PHP Warning: Unknown: POST Content-Length of 38 bytes exceeds the limit of 0 bytes in Unknown on line 0

It seems that main/SAPI.c lacks checks in SAPI_POST_READER_FUNC() for ignoring size checking in case post_max_size==0. This check was implemented in main/rfc1867.c only.

from: if (SG(request_info).content_length > S (post_max_size))
to: if (SG(post_max_size) > 0 && SG(request_info).content_length > S (post_max_size))

and

from: if (SG(read_post_bytes) > SG(post_max_size))
to: if (SG(post_max_size) > 0 && SG(read_post_bytes) > SG(post_max_size))

Sorry for not attaching a diff yet.

Gregor

Test script:
---------------
Loginform:

<html><body>
<form enctype="application/x-www-form-urlencoded" accept-charset="UTF-8" action="/login.php" method="post">
    	<input type="text" name="email" value="foo"  />
    	<input type="password" name="password" value="bar"  />
    	<input type="submit" name="submit" value="Log on"  />
</form>
</body></html>

pointing to this login.php:

<?php
echo "Loginname: ".$_POST['email'] .'<br>';
echo "Password: ".$_POST['password'];
?>



Expected result:
----------------
Loginname: foo
Password: bar

Actual result:
--------------
Loginname:
Password:

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-27 16:07 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 [2010-10-27 16:56 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304958
Log: - Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
  type is application/x-www-form-urlencoded or is not registered with PHP).
 [2010-10-27 16:57 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2010-10-27 16:57 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 03:02:48 2014 UTC