Re: [PHP] retrieve POST body?
Myron Turner wrote: I'm not sure I follow here, because the Perl script would be saving the posted file to disk. It would then send back a redirect with the name of the file in the query string of the url, which would point to a php script that would then read the file from the disk. So the file shouldn't be sent more than once. In any event, I do think that at least a few of use are agreed that somehow the whole post should be made available in PHP. Good luck with your solution, Myron Yes, you're right. :-) Somehow I thought the whole request just goes twice. I think I've been staring at a computer too long today. My head hurts. *L* -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
You are correct, I'm not very familiar with Perl. If I do go the route of using something else to accept the form data and then executing the PHP script, I'd be leaning more toward somehow executing the PHP script directly rather then sending back a redirect to the user-agent to re-send the request to the PHP script. Reason being that if a file is uploaded, it ends up getting sent twice. For a large file, that's a lot of extra HTTP traffic. Anyhow, after much talk and some pretty innovative suggestions, I think I'm going to... 1. Put in a feature request to have the entire POST body, unaltered, dumped to a temp file. And in the mean time... 2. Reconstruct an identical POST body from the $_POST[] array, with some trial-and-error form field renaming (in the case of server-side image maps) and placement of uploaded files. (Slow, I know, and not guaranteed to work everywhere, but it keeps the script as portable as possible.) 3. Instruct page designers to refrain from using special characters in form field names when using this script. And also suggest to page designers to try to keep the number of server-side image maps and file uploads at a minimum, for speed and performance reasons.) 4. Provide the capability for the PHP script to execute a user-defined include file and read a user-defined file for the POST body. This would allow future improved operation in case the feature request ever materializes, or a sysadmin uses an external process (Perl or whatever else) to dump the POST body to a file. Myron Turner wrote: Richard Lynch wrote: On Sat, April 21, 2007 10:56 pm, Myron Turner wrote: At that point, why not just have Perl call PHP? Surely Perl can do something not unlike 'exec' or whatever to run any shell script you want... I sure wouldn't do another round trip to the browser and add JS into the middle of this solution, if it's viable... Wouldn't work for me, as I can't do Perl. Perl could, could of course do the whole job. But since the Original Poster was (I assumed) not particularly familiar with Perl, I was essentially providing a Perl script to do the base essentials. So my hack would put him right back into PHP. If he execs from Perl to a PHP script to do the processing, then he would have to augment the Perl script to send back HTML to the browser, and if he can do that he can probably stick with the Perl altogether. Anyway, that was my reasoning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: You are correct, I'm not very familiar with Perl. If I do go the route of using something else to accept the form data and then executing the PHP script, I'd be leaning more toward somehow executing the PHP script directly rather then sending back a redirect to the user-agent to re-send the request to the PHP script. Reason being that if a file is uploaded, it ends up getting sent twice. For a large file, that's a lot of extra HTTP traffic. I'm not sure I follow here, because the Perl script would be saving the posted file to disk. It would then send back a redirect with the name of the file in the query string of the url, which would point to a php script that would then read the file from the disk. So the file shouldn't be sent more than once. In any event, I do think that at least a few of use are agreed that somehow the whole post should be made available in PHP. Good luck with your solution, Myron _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Sat, April 21, 2007 1:32 pm, Justin Frim wrote: I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me. You'd use multipart/form-data, but ONLY the type=file INPUTs would be in the actual POST data. So your MD5 would be the MD5 of the uploaded file. The rest of your inputs would be in GET data: form action=whatever.php?input1=fooamp;input2=bar method=post enctype=multipart/form-data input type=file name=whatever / /form You could even use JS to take any other FORM INPUTs and change them to GET parameters and submit a somewhat hacked POST with everything but the file in GET parameters. It won't be pretty... But it might work and be faster than waiting for the Feature Request... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Sat, April 21, 2007 10:56 pm, Myron Turner wrote: trick for you.You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses Javascript to redirect back to the php script, where you can process the file. You send the file name back to the php script from the perl script in the query string of the url. At that point, why not just have Perl call PHP? Surely Perl can do something not unlike 'exec' or whatever to run any shell script you want... I sure wouldn't do another round trip to the browser and add JS into the middle of this solution, if it's viable... Wouldn't work for me, as I can't do Perl. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On 4/22/07, Richard Lynch [EMAIL PROTECTED] wrote: On Sat, April 21, 2007 10:56 pm, Myron Turner wrote: trick for you.You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses Javascript to redirect back to the php script, where you can process the file. You send the file name back to the php script from the perl script in the query string of the url. At that point, why not just have Perl call PHP? Surely Perl can do something not unlike 'exec' or whatever to run any shell script you want... I sure wouldn't do another round trip to the browser and add JS into the middle of this solution, if it's viable... Wouldn't work for me, as I can't do Perl. Not everyone has Apache (or whatever) setup correctly that it allows to execute perl files. And what about windows servers? Most of them don't have perl. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Richard Lynch wrote: On Sat, April 21, 2007 10:56 pm, Myron Turner wrote: trick for you.You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses Javascript to redirect back to the php script, where you can process the file. You send the file name back to the php script from the perl script in the query string of the url. At that point, why not just have Perl call PHP? Surely Perl can do something not unlike 'exec' or whatever to run any shell script you want... I sure wouldn't do another round trip to the browser and add JS into the middle of this solution, if it's viable... Wouldn't work for me, as I can't do Perl. Perl could, could of course do the whole job. But since the Original Poster was (I assumed) not particularly familiar with Perl, I was essentially providing a Perl script to do the base essentials. So my hack would put him right back into PHP. If he execs from Perl to a PHP script to do the processing, then he would have to augment the Perl script to send back HTML to the browser, and if he can do that he can probably stick with the Perl altogether. Anyway, that was my reasoning. -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Richard Lynch wrote: On Thu, April 19, 2007 10:28 pm, Myron Turner wrote: that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. I've lost track of why the OP needs an md5 or whatever it is of the raw POST data, but MAYBE using an unknown MIME type and putting all the other args in the URL as $_GET parameters, would leave them with only the file itself to be parsed which would be pretty minimal parsing... There exists a mode of HTTP digest authentication where a header contains an MD5 hash of an MD5 hash of the POST body (along with a few other things that effectively add a salt to the hash, and provide the actual username/password authentication). This is used for integrity protection, to safegaurd against any malicious proxy or man in the middle attack from altering the form data while it's in transit from the authorized user to the web server. I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: Richard Lynch wrote: On Thu, April 19, 2007 10:28 pm, Myron Turner wrote: that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. I've lost track of why the OP needs an md5 or whatever it is of the raw POST data, but MAYBE using an unknown MIME type and putting all the other args in the URL as $_GET parameters, would leave them with only the file itself to be parsed which would be pretty minimal parsing... There exists a mode of HTTP digest authentication where a header contains an MD5 hash of an MD5 hash of the POST body (along with a few other things that effectively add a salt to the hash, and provide the actual username/password authentication). This is used for integrity protection, to safegaurd against any malicious proxy or man in the middle attack from altering the form data while it's in transit from the authorized user to the web server. I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me. In one of my early replies to this question, I suggested using Perl. But I assume you prefer not to. However, I have tried putting my head around a hack, which does use a small Perl script but which might do the trick for you.You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses Javascript to redirect back to the php script, where you can process the file. You send the file name back to the php script from the perl script in the query string of the url. Here goes: ?php // upload.php if(isset($_GET['file'])) { /* do here whatever you have to in PHP */ echo 'h3' .$_GET['file'] . '/h3'; } ? form enctype=multipart/form-data action=save.cgi method=post Send this file: input name=userfile type=file / input type=submit name=submit value=Send File / /form - Then the Perl script: #!/usr/bin/perl # save.cgi if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print Content-Type: text/html\n\n; open FH, /var/www/html/d_wiki/upload/tmp.fil; print FH $buffer; close FH; print 'html/head'; print 'script language=javascriptlocation = upload.php?file=tmp.fil;/script'; print 'bodyh1Redirecting to upload.php?file=tmp.fil/h1/body/html'; You don't have to know much about Perl here. The only thing you would want to do is find out how to construct a unique temporary file name, for the saved file, which you would then probably delete in the PHP script after processing with PHP. Hope this helps. Myron -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Thu, April 19, 2007 10:28 pm, Myron Turner wrote: that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. I've lost track of why the OP needs an md5 or whatever it is of the raw POST data, but MAYBE using an unknown MIME type and putting all the other args in the URL as $_GET parameters, would leave them with only the file itself to be parsed which would be pretty minimal parsing... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Thu, April 19, 2007 11:58 pm, Justin Frim wrote: Regarding some discussion a while back about putting in a feature request for obtaining the POST body... I can see the advantage of streaming the POST body directly to disk, because then you don't have to allocate a huge amount of memory for keeping a copy of the POST body in a variable. So maybe (and this is wishful thinking), a feature could be added to PHP where the entire POST body, unaltered, is streamed to a file in the same fasion as those individual temporary files referenced in the $_FILES[] array. Then for HTTP digest authenticated requests with integrity protection, I could just call md5_file() on this special file, and my world would be a whole lot simpler! (And any other script programmers, should they need to access the POST body for whatever reason, can just read the file and parse it however necessary. No gigantic memory overhead involved.) This sounds like a perfectly reasonable Feature Request to this naive reader... http://bugs.php.net/ -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
This is starting to get super ugly indeed... I was hoping I wouldn't have to essentially write an HTTP daemon from scratch, so I'll keep the sockets in mind as a *last* resort. As much as it would simplify things if $HTTP_RAW_POST_DATA (and friends) was fixed to always contain the data regardless of the Content-Type header used, it's going to take a long time before that fix trickles down into other people's PHP installations. Not everyone runs the latest versions, and this particular script I'm working on is being designed to be widely portable. *sigh* I started experimenting today with the idea of reconstructing a POST body from the $_POST[] and $_FILES[] arrays. It's doable, but with limitations. Form field names must not be permitted to contain periods, spaces, or opening square brackets. Those all get converted to underscores before the keys are created to the $_POST[] array, with no way to determine the original name. And if the form field name has both opening and closing square brackets respectively, weird funky sub-arraying occurs. Anyhow, I'd also need to do a workaround to this form field naming limitation, because server-side form-based image maps send the coordinates as formfieldname.x and formfieldname.y, no exceptions. So I'd have to search for any array key pairs that have identical names save for a _x and _y ending, and change the underscore back to a period. Of course this could mess up other form fields that just happen to end in _x and _y as specified in the HTML form, so I'd have to try several combinations (one each found key pair at a time + one for no changes) and keep comparing the hashes until I've found the correct POST body reconstruction. Then there's the final challenge: figuring out the order in which the form-data blocks were arranged in the original multipart body! It turns out the order of the $_POST[] array elements are created in the same order as the respective form-data parts in the original POST request, but if the form contains a file upload, it throws a wrench in the operation. The trouble is the $_POST[] array does not contain any elements for the file upload, so it's anyone's guess as to where in the multipart POST body the uploaded file data was inserted. The only solution I can think of is to try all the possible combinations until the correct hash is found. But if the form has several fields and multiple file uploads, this could take quite a long time... But hey, is this any dirtier than writing an entire middle-ware HTTP server in PHP? ;-) Richard Lynch wrote: One possibly super ugly hack... You could maybe write your own middle-ware HTTP server thingie with some kinda socket functions, do what you want with the input, and then pass it on to PHP somehow... I think you might maybe be better off putting in a Feature Request to get RAW_HTTP_POST_HEADERS or whatever it is turned on for multipart/form-data, or even declaring it a Bug. It might just get labeled bogus as a bug though... You may even have some luck looking at PHP source to try to submit a patch for it... Doesn't seem like it would be THAT hard to do, once you find the dang lines of C code that do file upload, and the other lines that do the RAW_HTTP thing... 'Course, it would take me months just to find those lines of code, knowing me. :-v -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
André Medeiros wrote: php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. You probably could use this small Perl script via exec: #!/usr/bin/perl if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print $buffer; -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On 4/19/07, Myron Turner [EMAIL PROTECTED] wrote: André Medeiros wrote: php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. You probably could use this small Perl script via exec: #!/usr/bin/perl if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print $buffer; If you call this script via exec, it can't return the POST data send to the PHP script right? btw, we are here on a PHP list, not PERL :) Tijnema -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Thu, April 19, 2007 2:50 am, Justin Frim wrote: ... limitations. Form field names must not be permitted to contain periods, spaces, or opening square brackets. Those all get converted to underscores before the keys are created to the $_POST[] array, with no way to determine the original name. And if the form field name has both opening and closing square brackets respectively, weird funky sub-arraying occurs. Anyhow, I'd also need to do a workaround to this Don't be calling my form arrays weird funky! That's one of PHP's greatest features! :-) [lots more stuff deleted] Also, I'll point out that it's only sheer coincidence any ordering you are seeing in $_POST and the POST body. Well, not coincidence, but it's NOT a documented feature. The HTML/HTTP don't even have to provide the INPUTs in order, even though in practice, they all do that. Relying on that order is probably a Bad Idea all around. And, to make you even more miserable, it's not just . and [ that get converted to _ by PHP for the keys... Because of the history of PHP and register_globals, *ANY* character not fitting this PCRE pattern: [a-z_][a-z0-9_]* is gonna get converted... type=image name=image - image_x name=image.x - image_x name=image_x - image_x name=image[x - image_x name=image=x - image_x name=image{x - image_x name=image,x - image_x Of course, those may not be valid HTML names according to one or more HTTP specs you care to pull out... But that don't mean somebody somewhere isn't using them successfully and won't blame you when it breaks :-( -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Tijnema ! wrote: On 4/19/07, Myron Turner [EMAIL PROTECTED] wrote: André Medeiros wrote: php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. You probably could use this small Perl script via exec: #!/usr/bin/perl if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print $buffer; If you call this script via exec, it can't return the POST data send to the PHP script right? You're right. It doesn't carry across from Perl to PHP. As penance, I worked out how to do it using PHP: form action = post_data.php method=post input type= hidden value = abcdefg name=post_test input type = submit name=submit value=submit_this /form ?php if(isset($_POST['submit'])) { $putdata = fopen(php://input, r); /* Read the data and write it to stdout */ while ($data = fread($putdata, 1024)) echo $data, \n; /* Close the streams */ fclose($fp); fclose($putdata); } ? btw, we are here on a PHP list, not PERL :) Does this mean you wouldn't use exec or system to run anything but PHP scripts? Or just that you wouldn't talk about it here, under penalty of exclusion from PHP heaven? :) -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Sorry burst your bubble, but your solution isn't a viable one in my case. php://input only works if the form is submitted using application/x-www-form-urlencoded. Take your sample HTML code there and add enctype=multipart/form-data to the form tag, and I'm pretty sure you'll find that php://input contains no data. (Both PHP 5.2.1 running as a CGI on Windows and PHP 5.2.0 running as an Apache module on FreeBSD exhibit this behaviour.) And before anyone asks, it *is* a requirement to accept multipart/form-data submissions because that's the only way you can properly implement a file upload on a web form. Myron Turner wrote: Tijnema ! wrote: On 4/19/07, Myron Turner [EMAIL PROTECTED] wrote: André Medeiros wrote: php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. You probably could use this small Perl script via exec: #!/usr/bin/perl if ($ENV{'REQUEST_METHOD'} eq POST) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); } print $buffer; If you call this script via exec, it can't return the POST data send to the PHP script right? You're right. It doesn't carry across from Perl to PHP. As penance, I worked out how to do it using PHP: form action = post_data.php method=post input type= hidden value = abcdefg name=post_test input type = submit name=submit value=submit_this /form ?php if(isset($_POST['submit'])) { $putdata = fopen(php://input, r); /* Read the data and write it to stdout */ while ($data = fread($putdata, 1024)) echo $data, \n; /* Close the streams */ fclose($fp); fclose($putdata); } ? btw, we are here on a PHP list, not PERL :) Does this mean you wouldn't use exec or system to run anything but PHP scripts? Or just that you wouldn't talk about it here, under penalty of exclusion from PHP heaven? :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
That's not been my experience. I've tested it with enctype=multipart/form-data, since that's what you asked for, though the enctype wasn't included in my sample code. I've run it on PHP Version = 5.1.6 (Fedora core 4) and PHP 4.3.11 Fedora core 2. Here it is on Fedora 2: http://www.mturner.org/temp/post_data.php The code is http://www.mturner.org/temp/post_data.phps That latter is just a symbolic link to the former. It's possible that there's been a change in 5.2 that changes this behavior, or possibly the way the FreeBSD and Windows handle STDOUT. My little earlier snippet of Perl should work on any system, and so if you know any Perl, an elaboration of that would be the way to go. Justin Frim wrote: Sorry burst your bubble, but your solution isn't a viable one in my case. php://input only works if the form is submitted using application/x-www-form-urlencoded. Take your sample HTML code there and add enctype=multipart/form-data to the form tag, and I'm pretty sure you'll find that php://input contains no data. (Both PHP 5.2.1 running as a CGI on Windows and PHP 5.2.0 running as an Apache module on FreeBSD exhibit this behaviour.) And before anyone asks, it *is* a requirement to accept multipart/form-data submissions because that's the only way you can properly implement a file upload on a web form. -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: Sorry burst your bubble, but your solution isn't a viable one in my case. php://input only works if the form is submitted using application/x-www-form-urlencoded. Take your sample HTML code there and add enctype=multipart/form-data to the form tag, and I'm pretty sure you'll find that php://input contains no data. (Both PHP 5.2.1 running as a CGI on Windows and PHP 5.2.0 running as an Apache module on FreeBSD exhibit this behaviour.) And before anyone asks, it *is* a requirement to accept multipart/form-data submissions because that's the only way you can properly implement a file upload on a web form. Good news and bad news. Rasmus reports on IRC: [21:57] Rasmus_ We never buffer the data in file upload mode [21:57] Rasmus_ it is streamed to disk, so no, you can't get it all in a variable like that [21:57] Rasmus_ set a different content-type if you want to do that [21:57] Rasmus_ assuming you have control over the client [21:58] CelloG can you do a file upload without multipart? [21:59] Rasmus_ Well, if you want to pick a POST apart yourself, sure [21:59] Rasmus_ set a mime type PHP doesn't understand and it will be in http_raw_post_data and then you can do whatever you want with it So the answer is sort of. You would have to parse the POST data yourself, but it is technically a possibility. Regards, Greg -- Experience the revolution, buy the PEAR Installer Manifesto http://www.packtpub.com/book/PEAR-installer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Myron Turner wrote: That's not been my experience. I've tested it with enctype=multipart/form-data, since that's what you asked for, though the enctype wasn't included in my sample code. I've run it on PHP Version = 5.1.6 (Fedora core 4) and PHP 4.3.11 Fedora core 2. Here it is on Fedora 2: http://www.mturner.org/temp/post_data.php The code is http://www.mturner.org/temp/post_data.phps the enctype attribute should be in the form tag, not the submit input. Put it in form and your php://input will disappear Greg -- Experience the revolution, buy the PEAR Installer Manifesto http://www.packtpub.com/book/PEAR-installer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Gregory Beaver wrote: [21:58] CelloG can you do a file upload without multipart? [21:59] Rasmus_ Well, if you want to pick a POST apart yourself, sure [21:59] Rasmus_ set a mime type PHP doesn't understand and it will be in http_raw_post_data and then you can do whatever you want with it So the answer is sort of. You would have to parse the POST data yourself, but it is technically a possibility. That was also in the back of my mind when responding. When file uploads first came out and weren't yet handled by the Perl CGI module, we had to learn to parse the input stream ourselves. It's still not clear why that should be necessary at this time. For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays. -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Gregory Beaver wrote: Myron Turner wrote: That's not been my experience. I've tested it with enctype=multipart/form-data, since that's what you asked for, though the enctype wasn't included in my sample code. I've run it on PHP Version = 5.1.6 (Fedora core 4) and PHP 4.3.11 Fedora core 2. Here it is on Fedora 2: http://www.mturner.org/temp/post_data.php The code is http://www.mturner.org/temp/post_data.phps the enctype attribute should be in the form tag, not the submit input. Put it in form and your php://input will disappear That's what happens when your trying to do too many tings at once. Thanks, Myron -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Interesting... But how will the user-agent know how to pack the data? AFAIK, if you don't specify enctype in the form tag, the user-agent will assume application/x-www-form-urlencoded. I'm assuming that if you put in something that's not recognized (like multipart/x-non-parsed-form-data), the user-agent won't know what it is and will again default to application/x-www-form-urlencoded. So to use the dirty hack suggested by Rasmus in that IRC log, I'd need some way of instructing the user-agent to use multipart/form-data, but then destroy the Content-Type header in the request *before* PHP sees it and snags the body. Gregory Beaver wrote: Good news and bad news. Rasmus reports on IRC: [21:57] Rasmus_ We never buffer the data in file upload mode [21:57] Rasmus_ it is streamed to disk, so no, you can't get it all in a variable like that [21:57] Rasmus_ set a different content-type if you want to do that [21:57] Rasmus_ assuming you have control over the client [21:58] CelloG can you do a file upload without multipart? [21:59] Rasmus_ Well, if you want to pick a POST apart yourself, sure [21:59] Rasmus_ set a mime type PHP doesn't understand and it will be in http_raw_post_data and then you can do whatever you want with it So the answer is sort of. You would have to parse the POST data yourself, but it is technically a possibility. Regards, Greg -- Experience the revolution, buy the PEAR Installer Manifesto http://www.packtpub.com/book/PEAR-installer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Regarding some discussion a while back about putting in a feature request for obtaining the POST body... I can see the advantage of streaming the POST body directly to disk, because then you don't have to allocate a huge amount of memory for keeping a copy of the POST body in a variable. So maybe (and this is wishful thinking), a feature could be added to PHP where the entire POST body, unaltered, is streamed to a file in the same fasion as those individual temporary files referenced in the $_FILES[] array. Then for HTTP digest authenticated requests with integrity protection, I could just call md5_file() on this special file, and my world would be a whole lot simpler! (And any other script programmers, should they need to access the POST body for whatever reason, can just read the file and parse it however necessary. No gigantic memory overhead involved.) Just a thought. Gregory Beaver wrote: Good news and bad news. Rasmus reports on IRC: [21:57] Rasmus_ We never buffer the data in file upload mode [21:57] Rasmus_ it is streamed to disk, so no, you can't get it all in a variable like that [21:57] Rasmus_ set a different content-type if you want to do that [21:57] Rasmus_ assuming you have control over the client [21:58] CelloG can you do a file upload without multipart? [21:59] Rasmus_ Well, if you want to pick a POST apart yourself, sure [21:59] Rasmus_ set a mime type PHP doesn't understand and it will be in http_raw_post_data and then you can do whatever you want with it So the answer is sort of. You would have to parse the POST data yourself, but it is technically a possibility. Regards, Greg -- Experience the revolution, buy the PEAR Installer Manifesto http://www.packtpub.com/book/PEAR-installer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] retrieve POST body?
Greetings, Is there any way to retrieve the POST message body when a form is submitted to a PHP script using multipart/form-data? I can't use just the $_POST[] and $_FILES[] arrays because I need to calculate the hash of an exact bit-accurate copy of the original POST body for data verification. (HTTP digest authentication with qop=auth-int.) Submitting the form using application/x-www-form-urlencoded is not an option either because the PHP script has to be able to handle forms with file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Justin Frim wrote: Is there any way to retrieve the POST message body when a form is submitted to a PHP script using multipart/form-data? There's the always_populate_raw_post_data configuration directive and the $HTTP_RAW_POST_DATA. Have you tried that? I recall being annoyed that always doesn't actually mean always, but I can't remember the exact scenario. Perhaps it doesn't populate that variable when the Content-Type is application/x-www-form-urlencoded, and it does in all other cases. Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Reading from php://input on a webserver will retrieve the Body of the HTTP Request. On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: Greetings, Is there any way to retrieve the POST message body when a form is submitted to a PHP script using multipart/form-data? I can't use just the $_POST[] and $_FILES[] arrays because I need to calculate the hash of an exact bit-accurate copy of the original POST body for data verification. (HTTP digest authentication with qop=auth-int.) Submitting the form using application/x-www-form-urlencoded is not an option either because the PHP script has to be able to handle forms with file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
Chris Shiflett wrote: Justin Frim wrote: Is there any way to retrieve the POST message body when a form is submitted to a PHP script using multipart/form-data? There's the always_populate_raw_post_data configuration directive and the $HTTP_RAW_POST_DATA. Have you tried that? Yes, that is already configured. It appears that $HTTP_RAW_POST_DATA only works for application/x-www-form-urlencoded, but not multipart/form-data. Same thing with $GLOBALS['HTTP_RAW_POST_DATA'] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
php://input ?? ;) On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: Chris Shiflett wrote: Justin Frim wrote: Is there any way to retrieve the POST message body when a form is submitted to a PHP script using multipart/form-data? There's the always_populate_raw_post_data configuration directive and the $HTTP_RAW_POST_DATA. Have you tried that? Yes, that is already configured. It appears that $HTTP_RAW_POST_DATA only works for application/x-www-form-urlencoded, but not multipart/form-data. Same thing with $GLOBALS['HTTP_RAW_POST_DATA'] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
I tried that one too. For any POST requests (regardless of Content-Type), it's always blank. For GET requests, it contains the PHP script source code. André Medeiros wrote: php://stdin perhaps? On 4/18/07, Justin Frim [EMAIL PROTECTED] wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] retrieve POST body?
On Wed, April 18, 2007 11:03 am, Justin Frim wrote: André Medeiros wrote: Reading from php://input on a webserver will retrieve the Body of the HTTP Request. Not for me it doesn't. That only seems to work when the form is submitted as application/x-www-form-urlencoded. When the form is submitted as multipart/form-data, php://input is blank. One possibly super ugly hack... You could maybe write your own middle-ware HTTP server thingie with some kinda socket functions, do what you want with the input, and then pass it on to PHP somehow... I think you might maybe be better off putting in a Feature Request to get RAW_HTTP_POST_HEADERS or whatever it is turned on for multipart/form-data, or even declaring it a Bug. It might just get labeled bogus as a bug though... You may even have some luck looking at PHP source to try to submit a patch for it... Doesn't seem like it would be THAT hard to do, once you find the dang lines of C code that do file upload, and the other lines that do the RAW_HTTP thing... 'Course, it would take me months just to find those lines of code, knowing me. :-v -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php