Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103752 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 30702 invoked from network); 16 Jan 2019 23:39:49 -0000 Received: from unknown (HELO mail-ed1-f50.google.com) (209.85.208.50) by pb1.pair.com with SMTP; 16 Jan 2019 23:39:49 -0000 Received: by mail-ed1-f50.google.com with SMTP id b3so6541263ede.1 for ; Wed, 16 Jan 2019 12:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:date:from:to:cc:subject:in-reply-to:references :message-id:user-agent; bh=F9VlWR7f2EmqMUVzHIebf2k1g7h2tHCmU05Wbiw/+wo=; b=DJ0ucTBA3jQYcPH8jf2FPHD+a55QUYHZ7gK6QTnquL0A16eAto/UicEwn3ZB4XH6gh ncznxXhw6l7a8XPXATsozfIyTtidBwWlx211WsgPK5U87cweI6uI9avA1UBbMBP69Cqs jAZ/OwSutfNDQbfwO2rxRDRukCNNMCWKK7bM+7AUr5DBJvi/fQ9lCS0xEpk+obw/br8U ael+/WmQxtMyrJAr5gGUSGxhVLU4WdIu7JJX0zI2k0KjmIzhkgS2LBRiJeuXf3O6cFyV 7prXYzG0zzVPNwdIdjYgi4AeyVjzR5PJxqK0xSQ6pmisbwcYSBf+xCnHM+KzltYhlXJf 8a8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:from:to:cc:subject:in-reply-to :references:message-id:user-agent; bh=F9VlWR7f2EmqMUVzHIebf2k1g7h2tHCmU05Wbiw/+wo=; b=GrVF+fRIWITP/GNA35mANOvRVKEXXc5mxa1vzMbexDaE9CZOCmbsHD40erTV3BNGEq SQJ4G/ZQF3g6fyMuKB+4LsD/u1XY/oWD66fU4l4DAnDGzw+IyiFGqvpigeLpRtrVPuem kriWewvHKuHHYElThWmbCYTBwAJMQRqyF/bjc6iKaf2xaWeDOE+iBaVSwd5C4LZtk1UO v6Wc4ijpI90ojH5LBzQMGcAadx5f/Fn2bLYoWof5tl16p2Kmh5uE6COL2HfkevE0Uwv0 glutERrNDDGWT/44GvkSfT0ahM3s+F4k/X6fLzwT80QEVjaHxGjQ8oavh5g1/lBx8Jgl O5Yg== X-Gm-Message-State: AJcUukc2h4+JSgsnVskcUu2jAEpyPkOBO4Tfz/1OGM4Y4Ut3FROKO3LO 1buNcMdcRVcdJC3pgJO6TNBfwXLM X-Google-Smtp-Source: ALg8bN53xK0o5VBDgH5LkPXbRaJWGLijhBdQ3XfLEqkKWzmOERqbpYz5mkizBVFck6C//HTYcWrCaQ== X-Received: by 2002:aa7:db0e:: with SMTP id t14mr8888044eds.292.1547669760765; Wed, 16 Jan 2019 12:16:00 -0800 (PST) Received: from k-piste.fi (k-piste.fi. [178.62.210.197]) by smtp.gmail.com with ESMTPSA id i24sm5585790edq.0.2019.01.16.12.15.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Jan 2019 12:15:59 -0800 (PST) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_c78414d5909aec76889a0b973395001d" Date: Wed, 16 Jan 2019 22:15:58 +0200 To: Rasmus Schultz Cc: PHP internals , nikic@php.net In-Reply-To: References: Message-ID: X-Sender: lauri.kentta@gmail.com User-Agent: Roundcube Webmail/1.3.8 Subject: Re: [PHP-DEV] Possible bug in the implementation of php://input streams? From: lauri.kentta@gmail.com (=?UTF-8?Q?Lauri_Kentt=C3=A4?=) --=_c78414d5909aec76889a0b973395001d Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8; format=flowed On 2019-01-16 09:59, Rasmus Schultz wrote: > We've noticed something odd about the "php://input" stream. > > If you attempt to rewind() it after reading the stream, rewind() > returns > true, and ftell() subequently returns 0. > > However, attempting to read the stream again after that returns > nothing. It has so many layers of redirection that someone missed setting stream->position on one layer. Maybe someone would care to apply the attached patch to fix this. -- Lauri Kenttä --=_c78414d5909aec76889a0b973395001d Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=0001-Fix-seeking-in-php-input.txt Content-Disposition: attachment; filename=0001-Fix-seeking-in-php-input.txt; size=1832 RnJvbSAxZjY0YTJjYWY2MzY2MDlhYzAwNmVmNjAyMWJlYTBiY2EzYzkyMjQwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/TGF1cmk9MjBLZW50dD1DMz1BND89IDxsYXVy aS5rZW50dGFAZ21haWwuY29tPgpEYXRlOiBXZWQsIDE2IEphbiAyMDE5IDIyOjA4OjAzICswMjAw ClN1YmplY3Q6IFtQQVRDSF0gRml4IHNlZWtpbmcgaW4gcGhwOi8vaW5wdXQKCi0tLQogZXh0L3N0 YW5kYXJkL3BocF9mb3Blbl93cmFwcGVyLmMgICAgICAgICAgICAgfCAgMiArLQogdGVzdHMvYmFz aWMvZW5hYmxlX3Bvc3RfZGF0YV9yZWFkaW5nXzA3LnBocHQgfCAzNCArKysrKysrKysrKysrKysr KysrKwogMiBmaWxlcyBjaGFuZ2VkLCAzNSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCiBj cmVhdGUgbW9kZSAxMDA2NDQgdGVzdHMvYmFzaWMvZW5hYmxlX3Bvc3RfZGF0YV9yZWFkaW5nXzA3 LnBocHQKCmRpZmYgLS1naXQgYS9leHQvc3RhbmRhcmQvcGhwX2ZvcGVuX3dyYXBwZXIuYyBiL2V4 dC9zdGFuZGFyZC9waHBfZm9wZW5fd3JhcHBlci5jCmluZGV4IGQ2OWI2MWRhMjkuLjA2ZDJiNWYy OGMgMTAwNjQ0Ci0tLSBhL2V4dC9zdGFuZGFyZC9waHBfZm9wZW5fd3JhcHBlci5jCisrKyBiL2V4 dC9zdGFuZGFyZC9waHBfZm9wZW5fd3JhcHBlci5jCkBAIC0xMjgsNyArMTI4LDcgQEAgc3RhdGlj IGludCBwaHBfc3RyZWFtX2lucHV0X3NlZWsocGhwX3N0cmVhbSAqc3RyZWFtLCB6ZW5kX29mZl90 IG9mZnNldCwgaW50IHdoZW4KIAogCWlmIChpbnB1dC0+Ym9keSkgewogCQlpbnQgc291Z2h0ID0g cGhwX3N0cmVhbV9zZWVrKGlucHV0LT5ib2R5LCBvZmZzZXQsIHdoZW5jZSk7Ci0JCSpuZXdvZmZz ZXQgPSAoaW5wdXQtPmJvZHkpLT5wb3NpdGlvbjsKKwkJKm5ld29mZnNldCA9IGlucHV0LT5wb3Np dGlvbiA9IChpbnB1dC0+Ym9keSktPnBvc2l0aW9uOwogCQlyZXR1cm4gc291Z2h0OwogCX0KIApk aWZmIC0tZ2l0IGEvdGVzdHMvYmFzaWMvZW5hYmxlX3Bvc3RfZGF0YV9yZWFkaW5nXzA3LnBocHQg Yi90ZXN0cy9iYXNpYy9lbmFibGVfcG9zdF9kYXRhX3JlYWRpbmdfMDcucGhwdApuZXcgZmlsZSBt b2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwLi5iNThlMTU4Y2Y4Ci0tLSAvZGV2L251bGwKKysr IGIvdGVzdHMvYmFzaWMvZW5hYmxlX3Bvc3RfZGF0YV9yZWFkaW5nXzA3LnBocHQKQEAgLTAsMCAr MSwzNCBAQAorLS1URVNULS0KK2VuYWJsZV9wb3N0X2RhdGFfcmVhZGluZzogc2Vla2luZyBpbiBw aHA6Ly9pbnB1dAorLS1JTkktLQorZW5hYmxlX3Bvc3RfZGF0YV9yZWFkaW5nPTEKKy0tUE9TVF9S QVctLQorQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi91bmtub3duCiswMTIzNDU2Nzg5CistLUZJ TEUtLQorPD9waHAKK2VjaG8gIlRlc3RcbiI7CisKKyRmMSA9IGZvcGVuKCJwaHA6Ly9pbnB1dCIs ICJyIik7Citmc2VlaygkZjEsIDMsIFNFRUtfU0VUKTsKK2VjaG8gZmdldGMoJGYxKTsKK2ZzZWVr KCRmMSwgMSwgU0VFS19TRVQpOworZWNobyBmZ2V0YygkZjEpOworZnNlZWsoJGYxLCAzLCBTRUVL X0NVUik7CitlY2hvIGZnZXRjKCRmMSk7Citmc2VlaygkZjEsIC0zLCBTRUVLX0NVUik7CitlY2hv IGZnZXRjKCRmMSk7Citmc2VlaygkZjEsIDMsIFNFRUtfRU5EKTsKK2VjaG8gZmdldGMoJGYxKTsK K2ZzZWVrKCRmMSwgLTMsIFNFRUtfRU5EKTsKKyRmMiA9IGZvcGVuKCJwaHA6Ly9pbnB1dCIsICJy Iik7Citmc2VlaygkZjIsIDEsIFNFRUtfU0VUKTsKK2VjaG8gZmdldGMoJGYxKTsKK2VjaG8gZmdl dGMoJGYyKTsKKz8+CisKK0RvbmUKKy0tRVhQRUNULS0KK1Rlc3QKKzMxNTM3MQorRG9uZQotLSAK Mi4yMC4xCgo= --=_c78414d5909aec76889a0b973395001d--