|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #60600 $HTTP_RAW_POST_DATA is always populated
Submitted: 2011-12-23 11:23 UTC Modified: 2014-03-27 16:01 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ercoli at gmail dot com Assigned: mike (profile)
Status: Closed Package: PHP options/info functions
PHP Version: 5.3.8 OS: linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ercoli at gmail dot com
New email:
PHP Version: OS:


 [2011-12-23 11:23 UTC] ercoli at gmail dot com
$HTTP_RAW_POST_DATA is always populated when data is posted with content-type 
'text/xml' or 'application/xml' (and enctype != "multipart/form-data" ) , even if 
the directive 'always_populate_raw_post_data' is set to Off.

The manual says "the variable is populated only with unrecognized MIME type of the 
data", but as far as I can discern, 'text/xml' and 'application/xml' are both 
recognized mime type.

The preferred method for accessing the xml POST data is php://input since we can 
use a streaming parser with low memory footprint.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-24 13:49 UTC]
Your interpretation of "recognized MIME type" is off (only "application/x-www-form-urlencoded" and "multipart/form-data" are "recogized" in this sense) and your last sentence is also inaccurate (using php://input doesn't prevent the data from being loaded into memory; either it's already completely present in memory or otherwise it's not and it's the only the way to access the HTTP entity anyway).

But in any case, the documentation is poor in this matter.

 [2011-12-24 13:49 UTC]
-Type: Bug +Type: Documentation Problem
 [2014-02-01 11:54 UTC]
-Assigned To: +Assigned To: mike
 [2014-02-01 11:54 UTC]
Due to recently merged RFC'd patches, this should be looked at in the context of current versions of PHP.

So assigning to someone useful ...

Noteworthy, the report is originally made for an unsupported, outdated version of PHP, and is not a security issue. If whatever response you get from the assigned person is not satisfactory, please consider making the bug report using a supported, stable version of PHP.

Thanks for taking the time to make PHP better :)
 [2014-03-27 16:01 UTC]
-Status: Assigned +Status: Closed
 [2014-03-27 16:01 UTC]
You can set always populate_raw_post_data to -1 in PHP-5.6
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Oct 22 00:01:25 2020 UTC