Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:120703 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 97535 invoked from network); 27 Jun 2023 19:54:35 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 27 Jun 2023 19:54:35 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2B34C1804D4 for ; Tue, 27 Jun 2023 12:54:34 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-qt1-f174.google.com (mail-qt1-f174.google.com [209.85.160.174]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 27 Jun 2023 12:54:33 -0700 (PDT) Received: by mail-qt1-f174.google.com with SMTP id d75a77b69052e-4003cdbd675so36905531cf.3 for ; Tue, 27 Jun 2023 12:54:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=benramsey.com; s=google; t=1687895673; x=1690487673; h=to:references:message-id:cc:date:in-reply-to:from:subject :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Y1SAkp2zM2aMnHSosG62e249KV6Ad2peLCq1YBB/spo=; b=K30uG3fdiETM130xwMYOYa1GU39jHYbw/J1cbL5I1z3Ip3b16x5S53A5+EdxobK9vO 5ttQJx6xlJzHgokB4bsoU5MMceaIu+rHLrOmujh+QvwTEAUOLEvAx6QWgFDzvbNfRxkn 9CsxqMwLOePGV4aUKRx+AMcKSWBEgPnfsPsBqvTeWQH58FhaPCXCkD08teRor1nlNLZJ HZM9llykZqP6MFccR+j25+Fq46xt1Hv0zB5TNlQhvlURsyjX5M+VwbjwI1iu0Rgw8Ka9 86ubDFBOIQ3eVUS7Z8SHAkOJEOaQzOyNO11t2JO+VqMNZZuQ5gwEaK77WIlpuogSyvZJ HW5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687895673; x=1690487673; h=to:references:message-id:cc:date:in-reply-to:from:subject :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Y1SAkp2zM2aMnHSosG62e249KV6Ad2peLCq1YBB/spo=; b=Nr31SxdNiOlQg9OrQqU8UkBZEil9wL6ULtl6wxDI1bEropbkTRUeW3qKcI2bwxpTtK ZqhsvGn8hXsUUO+Ar1DEYdJiDdO8GGyhwMSHYBQPwjLuPGWEmOuPoc602fgAoD6Dz5GH cDaaNDvX4Cs8zRrgbqOflgRQeuwSeqXhywbyx77lYZiECcxDEZOa6rx2yiBFV2UL7Y1e pIRf395moTqF15Dr93eR38Ke8XtJm5EHIc7po5e/cqi2bIkCSe4uWuTOZ/9RyOsHFm1i ddYG16PWIv/nDyqH4fWujVreLcNL12XcS3PzQIzoA6nFuo6bKfm6W1jDAcrpVUSFnosH Bkzg== X-Gm-Message-State: AC+VfDzQXvqNvSQPJTgHukk6Vl75Fi1b31HULYNR54Fvxa1z2HSef8+N hrmzHHoTKOdeWWQ5Lhy6puh/Nd9MalyNQEzGYhYEnA== X-Google-Smtp-Source: ACHHUZ5zgDFrYZ61l7qCuVY7tgAE14BaOI2OgS38XIJD5Z/1pE40Kk7s72BzdLXpdvNMBQ0DU5mSzQ== X-Received: by 2002:a05:622a:510:b0:401:b067:8920 with SMTP id l16-20020a05622a051000b00401b0678920mr5615061qtx.48.1687895672726; Tue, 27 Jun 2023 12:54:32 -0700 (PDT) Received: from smtpclient.apple (ec2-34-196-181-12.compute-1.amazonaws.com. [34.196.181.12]) by smtp.gmail.com with ESMTPSA id w14-20020ac86b0e000000b003e388264753sm4844879qts.65.2023.06.27.12.54.31 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Jun 2023 12:54:31 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_39A33067-6DA5-40C3-9471-88DC5107E7ED"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\)) In-Reply-To: Date: Tue, 27 Jun 2023 14:53:59 -0500 Cc: PHP internals Message-ID: <15D6E65D-97E3-4F82-8C8A-B8C1FB22D972@benramsey.com> References: To: Ilija Tovilo X-Mailer: Apple Mail (2.3731.600.7) Subject: Re: [PHP-DEV] RFC1867 (multipart/form-data) PUT requests From: ben@benramsey.com (Ben Ramsey) --Apple-Mail=_39A33067-6DA5-40C3-9471-88DC5107E7ED Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Jun 27, 2023, at 04:01, Ilija Tovilo = wrote: >=20 > Hi Ben, Hi Rowan >=20 > On Mon, Jun 26, 2023 at 8:55=E2=80=AFPM Ben Ramsey = wrote: >>=20 >>> On Jun 20, 2023, at 06:06, Rowan Tommins = wrote: >>>=20 >>> On Tue, 20 Jun 2023 at 10:25, Ilija Tovilo = wrote: >>>=20 >>>> Introduce a new function (currently named populate_post_data()) to >>>> read the input stream and populate the $_POST and $_FILES >>>> superglobals. >>>=20 >>> How about "request_form_populate_globals"? >=20 > The word "form" seems a bit out of place (even though it appears in > both multipart/form-data and application/x-www-form-urlencoded), > because this function is mainly targeted at PUT/PATCH requests for > REST APIs. Maybe request_body_populate_globals? >=20 >> Another option for the name: `populate_multipart_form_data()`. >=20 > I avoided the term "multipart" because the function technically also > works for application/x-www-form-urlencoded requests. It's less > necessary for the reasons outlined in my previous email, but it would > allow for consistent handling of such requests for all HTTP methods. >=20 > Some people on GitHub voiced that they would prefer an INI setting. > Therefore I will create an RFC accordingly. I know this issue comes up enough because it=E2=80=99s confusing to = developers that there=E2=80=99s not a `$_PUT`, etc., but I=E2=80=99m not = a fan of introducing something new that populates globals. While I=E2=80=99ve never used `application/x-www-form-urlencoded` data = for `PUT` requests (because I don=E2=80=99t think it=E2=80=99s a proper = content-type for the semantics of `PUT`), I do see how this content-type = could be used with `PATCH`, and I also don=E2=80=99t want to rule-out = use cases of it for `PUT` or any other HTTP method. In the past, I=E2=80=99ve used something like the following to solve = this: parse_str(file_get_contents('php://input'), $data); I haven=E2=80=99t looked up how any of the frameworks solve this, but I = would be willing to bet they also do something similar. Rather than implementing functionality to populate globals, would you be = interested in introducing some new HTTP request functions. Something = like: http_request_body(): string http_parse_query(string $queryString): array `http_request_body()` would return the raw body and would be the = equivalent of calling `file_get_contents('php://input')`. Of special = note is that it should _always_ return the raw body, even if `$_POST` is = populated, for the sake of consistency and reducing confusion. `http_parse_query()` would be the opposite of `http_build_query()` and = would return a value instead of requiring a reference parameter, like = `parse_str()`. While these don=E2=80=99t address the confusion users face by not having = a `$_PUT` superglobal, I=E2=80=99d prefer not to overload the = superglobals. Maybe we can update the documentation to encourage use of = these new functions instead of the superglobals? We also might want to introduce something like `http_query_string(): = string` that always returns the raw query string, instead of requiring = use of the superglobal `$_SERVER['QUERY_STRING']`. Cheers, Ben --Apple-Mail=_39A33067-6DA5-40C3-9471-88DC5107E7ED Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQToXQMR3fpbrPOmEOewLZeYnIwHGwUCZJs+VwAKCRCwLZeYnIwH G31hAP9RnhBdcpaEj06UrKiaScSLJPMjE1E0QUQbYOiNdMMPJwD/R1jXiRHLnVNf tOBiENu2jdywLaW0v2ksPLj+qFVKSZ0= =2dPG -----END PGP SIGNATURE----- --Apple-Mail=_39A33067-6DA5-40C3-9471-88DC5107E7ED--