|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #60600 $HTTP_RAW_POST_DATA is always populated
Submitted: 2011-12-23 11:23 UTC Modified: 2014-03-27 16:01 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ercoli at gmail dot com Assigned: mike (profile)
Status: Closed Package: PHP options/info functions
PHP Version: 5.3.8 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ercoli at gmail dot com
New email:
PHP Version: OS:


 [2011-12-23 11:23 UTC] ercoli at gmail dot com
$HTTP_RAW_POST_DATA is always populated when data is posted with content-type 
'text/xml' or 'application/xml' (and enctype != "multipart/form-data" ) , even if 
the directive 'always_populate_raw_post_data' is set to Off.

The manual says "the variable is populated only with unrecognized MIME type of the 
data", but as far as I can discern, 'text/xml' and 'application/xml' are both 
recognized mime type.

The preferred method for accessing the xml POST data is php://input since we can 
use a streaming parser with low memory footprint.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-24 13:49 UTC]
Your interpretation of "recognized MIME type" is off (only "application/x-www-form-urlencoded" and "multipart/form-data" are "recogized" in this sense) and your last sentence is also inaccurate (using php://input doesn't prevent the data from being loaded into memory; either it's already completely present in memory or otherwise it's not and it's the only the way to access the HTTP entity anyway).

But in any case, the documentation is poor in this matter.

 [2011-12-24 13:49 UTC]
-Type: Bug +Type: Documentation Problem
 [2014-02-01 11:54 UTC]
-Assigned To: +Assigned To: mike
 [2014-02-01 11:54 UTC]
Due to recently merged RFC'd patches, this should be looked at in the context of current versions of PHP.

So assigning to someone useful ...

Noteworthy, the report is originally made for an unsupported, outdated version of PHP, and is not a security issue. If whatever response you get from the assigned person is not satisfactory, please consider making the bug report using a supported, stable version of PHP.

Thanks for taking the time to make PHP better :)
 [2014-03-27 16:01 UTC]
-Status: Assigned +Status: Closed
 [2014-03-27 16:01 UTC]
You can set always populate_raw_post_data to -1 in PHP-5.6
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Jul 30 23:01:24 2021 UTC