ID: 32218 Updated by: [EMAIL PROTECTED] Reported By: mcihar at suse dot cz Status: Feedback Bug Type: Documentation problem PHP Version: 5.0.3 New Comment:
It can handle any type of request Vrana, but is that fact documented anywhere? If it isn't, it should be. Most people wouldn't expect that methods other than GET or POST could be used to access their script, and this should probably be noted. Ideally, the best solution would be to stop these unwanted request methods even getting to PHP in the first place. This could be done in Apache like this: <LimitExcept GET POST> Deny from all </LimitExcept> Previous Comments: ------------------------------------------------------------------------ [2005-03-08 09:44:15] [EMAIL PROTECTED] What's the problem here? Your PHP script can handle any type of request method and you can check for the method in variable $_SERVER["REQUEST_METHOD"] which is documented at http://www.php.net/manual/en/reserved.variables.php . You can send the status code yourself with header(). ------------------------------------------------------------------------ [2005-03-07 20:08:44] [EMAIL PROTECTED] Let's document it. ------------------------------------------------------------------------ [2005-03-07 13:53:42] mcihar at suse dot cz Description: ------------ This is basically same as bug #19113, but I didn't find way to add comment there and I do no thing it is bogus. Problem is that mod_php (and mod_perl as well) don't care about request type at all, and handle all same way. If this is really intended behaviour, it should be documented. I feel it is a bug, solution migth be to add method check to php_handler. It might look like: if (r->method_number != M_GET && r->method_number != M_POST) { return DECLINED; } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32218&edit=1
