Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

- Added enable_post_data_reading ini option to allow inhibiting POST …

…data consumption.
  • Loading branch information...
commit 6654a4ade5da2c23ba39d6e89bd738f9819c5954 1 parent c35fc78
@cataphract cataphract authored
View
2  main/SAPI.c
@@ -393,7 +393,7 @@ SAPI_API void sapi_activate(TSRMLS_D)
/* handle request mehtod */
if (SG(server_context)) {
- if ( SG(request_info).request_method) {
+ if (PG(enable_post_data_reading) && SG(request_info).request_method) {
if(!strcmp(SG(request_info).request_method, "POST")
&& (SG(request_info).content_type)) {
/* HTTP POST -> may contain form data to be read into variables
View
1  main/main.c
@@ -490,6 +490,7 @@ PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
+ STD_PHP_INI_BOOLEAN("enable_post_data_reading", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, enable_post_data_reading, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals)
View
1  main/php_globals.h
@@ -132,6 +132,7 @@ struct _php_core_globals {
zend_bool file_uploads;
zend_bool during_request_startup;
zend_bool allow_url_fopen;
+ zend_bool enable_post_data_reading;
zend_bool always_populate_raw_post_data;
zend_bool report_zend_debug;
View
22 tests/basic/enable_post_data_reading_01.phpt
@@ -0,0 +1,22 @@
+--TEST--
+enable_post_data_reading: basic test
+--INI--
+enable_post_data_reading=0
+--POST_RAW--
+Content-Type: application/x-www-form-urlencoded
+a=1&b=ZYX
+--FILE--
+<?php
+var_dump($_FILES);
+var_dump($_POST);
+var_dump($HTTP_RAW_POST_DATA);
+var_dump(file_get_contents("php://input"));
+--EXPECTF--
+array(0) {
+}
+array(0) {
+}
+
+Notice: Undefined variable: HTTP_RAW_POST_DATA in %s on line %d
+NULL
+string(9) "a=1&b=ZYX"
View
28 tests/basic/enable_post_data_reading_02.phpt
@@ -0,0 +1,28 @@
+--TEST--
+enable_post_data_reading: rfc1867
+--INI--
+enable_post_data_reading=0
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="file1"; filename="file1.txt"
+Content-Type: text/plain-file
+
+1
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_FILES);
+var_dump($_POST);
+var_dump(file_get_contents("php://input"));
+--EXPECTF--
+array(0) {
+}
+array(0) {
+}
+string(224) "-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="file1"; filename="file1.txt"
+Content-Type: text/plain-file
+
+1
+-----------------------------20896060251896012921717172737--"
View
23 tests/basic/enable_post_data_reading_03.phpt
@@ -0,0 +1,23 @@
+--TEST--
+enable_post_data_reading: always_populate_raw_post_data has no effect (1)
+--INI--
+enable_post_data_reading=0
+always_populate_raw_post_data=1
+--POST_RAW--
+Content-Type: application/x-www-form-urlencoded
+a=1&b=ZYX
+--FILE--
+<?php
+var_dump($_FILES);
+var_dump($_POST);
+var_dump($HTTP_RAW_POST_DATA);
+var_dump(file_get_contents("php://input"));
+--EXPECTF--
+array(0) {
+}
+array(0) {
+}
+
+Notice: Undefined variable: HTTP_RAW_POST_DATA in %s on line %d
+NULL
+string(9) "a=1&b=ZYX"
View
23 tests/basic/enable_post_data_reading_04.phpt
@@ -0,0 +1,23 @@
+--TEST--
+enable_post_data_reading: always_populate_raw_post_data has no effect (2)
+--INI--
+enable_post_data_reading=0
+always_populate_raw_post_data=1
+--POST_RAW--
+Content-Type: application/unknown
+a=1&b=ZYX
+--FILE--
+<?php
+var_dump($_FILES);
+var_dump($_POST);
+var_dump($HTTP_RAW_POST_DATA);
+var_dump(file_get_contents("php://input"));
+--EXPECTF--
+array(0) {
+}
+array(0) {
+}
+
+Notice: Undefined variable: HTTP_RAW_POST_DATA in %s on line %d
+NULL
+string(9) "a=1&b=ZYX"
Please sign in to comment.
Something went wrong with that request. Please try again.