Permalink
Browse files

some changes to how request input data (Content-Lenght >0) is handled

- webdav-specific stuff removed (should be handled using httpd.conf
  LIMIT or equivalents)
- always_populate_raw_post_data now working on any method, not just
  POST (and webdav methods with allow_webdav_methods), when
	Content-Length is greater zero
- raw input data is also available using php://input stream,
  this way one doesn't have to care about memory_limit
- input data is now always consumed (although maybe ignored,
  this fixes we had withproblems with keep-alive connections
@ raw POST data is now available as php://input stream (hartmut)
  • Loading branch information...
1 parent b67b00e commit 8b7e9d77743ae006541a81bf4202e1c5d5311a60 Hartmut Holzgraefe committed Oct 21, 2002
Showing with 93 additions and 33 deletions.
  1. +57 −0 ext/standard/php_fopen_wrapper.c
  2. +31 −28 main/SAPI.c
  3. +0 −1 main/main.c
  4. +5 −3 main/php_content_types.c
  5. +0 −1 main/php_globals.h
@@ -66,6 +66,59 @@ php_stream_ops php_stream_output_ops = {
NULL /* set_option */
};
+static size_t php_stream_input_write(php_stream *stream, const char *buf, size_t count TSRMLS_DC)
+{
+ return -1;
+}
+
+static size_t php_stream_input_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
+{
+ int read_bytes;
+ if(!stream->eof) {
+ if(SG(request_info).post_data) { /* data has already been read by a post handler */
+ read_bytes = SG(request_info).post_data_length - stream->position;
+ if(read_bytes <= count) {
+ stream->eof = 1;
+ } else {
+ read_bytes = count;
+ }
+ if(read_bytes) {
+ memcpy(buf, SG(request_info).post_data + stream->position, read_bytes);
+ }
+ return read_bytes;
+ } else {
+ read_bytes = sapi_module.read_post(buf, count TSRMLS_CC);
+ if(read_bytes <= 0){
+ stream->eof = 1;
+ read_bytes = 0;
+ }
+ return read_bytes;
+ }
+ }
+}
+
+static int php_stream_input_close(php_stream *stream, int close_handle TSRMLS_DC)
+{
+ return 0;
+}
+
+static int php_stream_input_flush(php_stream *stream TSRMLS_DC)
+{
+ return -1;
+}
+
+php_stream_ops php_stream_input_ops = {
+ php_stream_input_write,
+ php_stream_input_read,
+ php_stream_input_close,
+ php_stream_input_flush,
+ "Input",
+ NULL, /* seek */
+ NULL, /* cast */
+ NULL, /* stat */
+ NULL /* set_option */
+};
+
php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
{
FILE * fp = NULL;
@@ -78,6 +131,10 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch
return php_stream_alloc(&php_stream_output_ops, NULL, 0, "wb");
}
+ if (!strcasecmp(path, "input")) {
+ return php_stream_alloc(&php_stream_input_ops, NULL, 0, "rb");
+ }
+
if (!strcasecmp(path, "stdin")) {
fp = fdopen(dup(STDIN_FILENO), mode);
} else if (!strcasecmp(path, "stdout")) {
View
@@ -128,7 +128,7 @@ static void sapi_read_post_data(TSRMLS_D)
char *content_type = estrndup(SG(request_info).content_type, content_type_length);
char *p;
char oldchar=0;
- void (*post_reader_func)(TSRMLS_D);
+ void (*post_reader_func)(TSRMLS_D) = NULL;
/* dedicated implementation for increased performance:
@@ -159,7 +159,6 @@ static void sapi_read_post_data(TSRMLS_D)
return;
}
SG(request_info).post_entry = NULL;
- post_reader_func = sapi_module.default_post_reader;
}
if (oldchar) {
*(p-1) = oldchar;
@@ -169,10 +168,10 @@ static void sapi_read_post_data(TSRMLS_D)
if(post_reader_func) {
post_reader_func(TSRMLS_C);
+ }
- if(PG(always_populate_raw_post_data) && sapi_module.default_post_reader) {
- sapi_module.default_post_reader(TSRMLS_C);
- }
+ if(PG(always_populate_raw_post_data) && sapi_module.default_post_reader) {
+ sapi_module.default_post_reader(TSRMLS_C);
}
}
@@ -282,6 +281,7 @@ SAPI_API size_t sapi_apply_default_charset(char **mimetype, size_t len TSRMLS_DC
SAPI_API void sapi_activate(TSRMLS_D)
{
void (*post_reader_func)(TSRMLS_D);
+
zend_llist_init(&SG(sapi_headers).headers, sizeof(sapi_header_struct), (void (*)(void *)) sapi_free_header, 0);
SG(sapi_headers).send_default_content_type = 1;
@@ -306,39 +306,34 @@ SAPI_API void sapi_activate(TSRMLS_D)
}
SG(rfc1867_uploaded_files) = NULL;
+ /* handle request mehtod */
if (SG(server_context)) {
- if ( SG(request_info).request_method
- && (!strcmp(SG(request_info).request_method, "POST")
- || (PG(allow_webdav_methods)
- && (!strcmp(SG(request_info).request_method, "PROPFIND")
- || !strcmp(SG(request_info).request_method, "PROPPATCH")
- || !strcmp(SG(request_info).request_method, "MKCOL")
- || !strcmp(SG(request_info).request_method, "PUT")
- || !strcmp(SG(request_info).request_method, "MOVE")
- || !strcmp(SG(request_info).request_method, "COPY")
- || !strcmp(SG(request_info).request_method, "LOCK"))))) {
- if (!SG(request_info).content_type) {
+ if ( SG(request_info).request_method) {
+ if(!strcmp(SG(request_info).request_method, "POST")
+ && (SG(request_info).content_type)) {
+ /* HTTP POST -> may contain form data to be read into variables
+ depending on content type given
+ */
+ sapi_read_post_data(TSRMLS_C);
+ } else {
+ /* any other method with content payload will fill
+ $HTTP_RAW_POST_DATA if enabled by always_populate_raw_post_data
+ it is up to the webserver to decide whether to allow a method or not
+ */
SG(request_info).content_type_dup = NULL;
if(PG(always_populate_raw_post_data)) {
- SG(request_info).post_entry = NULL;
- post_reader_func = sapi_module.default_post_reader;
-
- if(post_reader_func) {
- post_reader_func(TSRMLS_C);
-
- if(PG(always_populate_raw_post_data) && sapi_module.default_post_reader) {
- sapi_module.default_post_reader(TSRMLS_C);
- }
+ if(sapi_module.default_post_reader) {
+ sapi_module.default_post_reader(TSRMLS_C);
}
} else {
- sapi_module.sapi_error(E_WARNING, "No content-type in POST request");
+ sapi_module.sapi_error(E_WARNING, "No content-type in %s request", SG(request_info).request_method);
}
- } else {
- sapi_read_post_data(TSRMLS_C);
}
} else {
SG(request_info).content_type_dup = NULL;
}
+
+ /* Cookies */
SG(request_info).cookie_data = sapi_module.read_cookies(TSRMLS_C);
if (sapi_module.activate) {
sapi_module.activate(TSRMLS_C);
@@ -360,6 +355,14 @@ SAPI_API void sapi_deactivate(TSRMLS_D)
zend_llist_destroy(&SG(sapi_headers).headers);
if (SG(request_info).post_data) {
efree(SG(request_info).post_data);
+ } else if (SG(server_context)) {
+ if(sapi_module.read_post) {
+ // make sure we've consumed all request input data
+ char dummy[SAPI_POST_BLOCK_SIZE];
+ while(sapi_module.read_post(dummy, sizeof(dummy)-1 TSRMLS_CC) > 0) {
+ /* empty loop body */
+ }
+ }
}
if (SG(request_info).auth_user) {
efree(SG(request_info).auth_user);
View
@@ -320,7 +320,6 @@ PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_ALL, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("allow_webdav_methods", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, allow_webdav_methods, php_core_globals, core_globals)
PHP_INI_END()
/* }}} */
@@ -39,9 +39,11 @@ SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader)
{
char *data;
- if(!SG(request_info).post_data) sapi_read_standard_form_data(TSRMLS_C);
- data = estrndup(SG(request_info).post_data, SG(request_info).post_data_length);
- SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, SG(request_info).post_data_length);
+ if(PG(always_populate_raw_post_data)) {
+ if(!SG(request_info).post_data) sapi_read_standard_form_data(TSRMLS_C);
+ data = estrndup(SG(request_info).post_data, SG(request_info).post_data_length);
+ SET_VAR_STRINGL("HTTP_RAW_POST_DATA", data, SG(request_info).post_data_length);
+ }
}
/* }}} */
View
@@ -140,7 +140,6 @@ struct _php_core_globals {
zend_bool always_populate_raw_post_data;
- zend_bool allow_webdav_methods;
};

0 comments on commit 8b7e9d7

Please sign in to comment.