|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69487 SAPI may truncate POST data
Submitted: 2015-04-20 10:21 UTC Modified: 2015-08-10 23:53 UTC
From: erik at datahack dot se Assigned: cmb (profile)
Status: Closed Package: *Web Server problem
PHP Version: PHP 5.6.12RC1 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: erik at datahack dot se
New email:
PHP Version: OS:


 [2015-04-20 10:21 UTC] erik at datahack dot se
If the SAPI fails to write the POST data to disk (eg. due to file system full or tmp folder is non-writable for other reasons), The PHP interpreter will get an incomplete/truncated POST request. This is very bad for data consistency if data is lost upon POST.

One workaround in the PHP script would be to check the content-length against the length of php://input.

if (count($_POST) &&
    (int)$_SERVER['CONTENT_LENGTH'] != strlen(file_get_contents("php://input"))) 

display_startup_errors triggers only a warning if the file can't be created (but the data is still corrupted). There are two cases that can happen and shouldn't result in corrupt data.

1. Temp file cannot be created
2. Data cannot be written to temp file

Test script:
If sys_temp_dir can't be written to this will cause corrupt data.

if (count($_POST)) {
	echo strlen(file_get_contents("php://input"))."<br>";
	echo file_get_contents("php://input")."<br>";
<form method="post">
<input type="hidden" name="data" value="<?php echo str_repeat("x", 16384).str_repeat("y", 16384).str_repeat("z", 16384); ?>">
<input type="submit">

Expected result:
No POST data or an internal error would be better than just continue with corrupt data...

Actual result:
PHP continues to process the request with corrupt data.


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-08-04 21:24 UTC]
-Summary: SAPI may cause truncated POST data +Summary: SAPI may truncate POST data -Status: Open +Status: Analyzed -Operating System: +Operating System: * -PHP Version: Irrelevant +PHP Version: PHP 5.6.12RC1 -Assigned To: +Assigned To: cmb
 [2015-08-04 21:24 UTC]
Indeed, such data loss would be a bad thing. Of course, we should
check whether the read_bytes are actually written by
php_stream_write()[1]. What to do otherwise might be not so
obvious, but the simplest solution would be to bail out with
E_ERROR. As this error condition is supposed to be *very* rare,
the simple handling seems to be appropriate.

[1] <>
 [2015-08-07 14:49 UTC]
-1 on E_ERROR

I'd rather suggest clearing the input stream an generating an E_WARNING to inform the system administrator.
 [2015-08-09 23:46 UTC]
-Assigned To: cmb +Assigned To:
 [2015-08-09 23:46 UTC]
Okay, Mike. :) I've submitted PR #1465.
 [2015-08-10 23:44 UTC]
Automatic comment on behalf of
Log: Fix #69487: SAPI may truncate POST data
 [2015-08-10 23:44 UTC]
-Status: Analyzed +Status: Closed
 [2015-08-10 23:53 UTC]
-Assigned To: +Assigned To: cmb
 [2015-08-10 23:53 UTC]
The fix for this bug has been committed.

Thank you for the report, and for helping us make PHP better.
 [2015-08-18 16:24 UTC]
Automatic comment on behalf of
Log: Fix #69487: SAPI may truncate POST data
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jul 20 13:01:27 2024 UTC