Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:25271
Return-Path: <wrowe@rowe-clan.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 91054 invoked by uid 1010); 9 Aug 2006 17:39:35 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 91039 invoked from network); 9 Aug 2006 17:39:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Aug 2006 17:39:35 -0000
X-PHP-List-Original-Sender: wrowe@rowe-clan.net
X-Host-Fingerprint: 207.155.252.219 warrior.cnchost.com Solaris 10 (beta)
Received: from ([207.155.252.219:62554] helo=warrior.cnchost.com)
	by pb1.pair.com (ecelerity 2.1.1.3 r(11751M)) with ESMTP
	id 1E/2C-30310-3781AD44 for <internals@lists.php.net>; Wed, 09 Aug 2006 13:16:37 -0400
Received: from [17.210.79.163] (unknown [192.42.249.151])
	(as wrowe@rowe-clan.net)
	by warrior.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 5E43A23D5;
	Wed,  9 Aug 2006 13:14:10 -0400 (EDT)
Message-ID: <44DA17B3.4040500@rowe-clan.net>
Date: Wed, 09 Aug 2006 10:13:23 -0700
User-Agent: Thunderbird 1.5.0.5 (X11/20060808)
MIME-Version: 1.0
To: Arpad Ray <arpad@rajeczy.com>
CC: "Unknown W. Brackets" <unknown@simplemachines.org>, 
 internals@lists.php.net
References: <57792e850608081529g25f22a28wf768fcffe8801bb5@mail.gmail.com>	 <44D91BE0.3040303@filemobile.com> <1944df00608081956p55c161c2o8f0aa6329e682918@mail.gmail.com> <39.CC.30310.132F9D44@pb1.pair.com> <44D9FCC4.8030408@rajeczy.com>
In-Reply-To: <44D9FCC4.8030408@rajeczy.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Upload progress
From: wrowe@rowe-clan.net ("William A. Rowe, Jr.")

Arpad Ray wrote:
> If you set post_max_size to 0, you can parse the post data yourself from
> php://input. Combine that with the Content-Length value from
> apache_request_headers() and you have everything you need for a progress
> monitor.

Of course - this is entirely irrelevant if the client uses
Transfer-Encoding: chunked, in which case you better ignore Content-Length
if the client (or middle proxies) provided one.  And if you don't grok this,
you'd better search for the Watchfire Report on HTTP Request / Response
Spoofing vulnerabilities before creating yet another vulnerable server app.