Use HTTP POST vars rather than body to avoid PHP 5.6 warning

[chillu]

http://php.net/manual/en/reserved.variables.httprawpostdata.php

This feature was DEPRECATED in PHP 5.6.0, and REMOVED as of PHP 7.0.0. $HTTP_RAW_POST_DATA contains the raw POST data. See always_populate_raw_post_data. In general, php://input should be used instead of $HTTP_RAW_POST_DATA

[robbieaverill]

This kills asset admin for me.

[sminnee]

Are we actually using RAW_POST_DATA?

[robbieaverill]

I can't find it anywhere, but it only seems to happen on the graphql endpoints (for me anyway)

[chillu]

@robbieaverill Can you please dig into this a bit?

[sminnee]

The SilverStripe GraphQL module uses HTTPRequest::getBody(), which is populated by Director::direct() line 165 using @file_get_contents('php://input'). It's used that since 2008.

[sminnee]

I suspect that it's some weird PHP config, either on Robbie's dev environment, or on the production environment he's deploying to.

[chillu]

At its core, this is a very bad deprecation process in PHP which will hit anybody using POST body: https://www.bram.us/2014/10/26/php-5-6-automatically-populating-http_raw_post_data-is-deprecated-and-will-be-removed-in-a-future-version/. To make matters worse, the generated warning is misleading: It also applies for using php://input with always_populate_raw_post_data=0

Background:

• The warning was introduces some time after PHP 5.6.10, and obviously only triggers with display_errors=1, so on dev enviornments
• PHP's default php.ini in 5.6 has the setting commented out, so defaults to 0 (and exhibits the issue), so this is widespread
• The setting has been removed in PHP 7.0, so this is only a 5.6 issue
• The POST body is consumed via file_get_contents('php://input') in Director::direct(), at which point the warning is generated - so we can't make any use-case specific switches here
• The GraphQL spec recommends supporting GET query params, POST query params and POST body, which we implement in SilverStripe\GraphQL\Controller already.

Recommendation:

• Use the Apollo network layer to set convert the request to HTTP POST vars (see issue).
• Change dev/graphiql to HTTP POST vars
• Accept that with other GraphQL clients (e.g. the OSX GraphiQL app) and PHP 5.6 default config, requests will fail.

[chillu]

Also created a ticket for adding a warning to the installer: silverstripe/silverstripe-installer#147

[kinglozzer]

Heh, I should’ve probably left my ticket open #38 🙃. Recommendation looks good 👍

[flamerohr]

Pull request created silverstripe/silverstripe-framework#6500

[chillu]

Merged Chris' PR, and split out the GraphiQL one to a new issue on the separate repo: silverstripe/silverstripe-graphql-devtools#1