Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:50885 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 19998 invoked from network); 7 Dec 2010 07:13:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Dec 2010 07:13:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=glopes@nebm.ist.utl.pt; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=glopes@nebm.ist.utl.pt; sender-id=unknown Received-SPF: error (pb1.pair.com: domain nebm.ist.utl.pt from 193.136.128.21 cause and error) X-PHP-List-Original-Sender: glopes@nebm.ist.utl.pt X-Host-Fingerprint: 193.136.128.21 smtp1.ist.utl.pt Linux 2.6 Received: from [193.136.128.21] ([193.136.128.21:35110] helo=smtp1.ist.utl.pt) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 72/27-59654-99EDDFC4 for ; Tue, 07 Dec 2010 02:13:31 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.ist.utl.pt (Postfix) with ESMTP id A10F37007647 for ; Tue, 7 Dec 2010 07:13:26 +0000 (WET) X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at ist.utl.pt Received: from smtp1.ist.utl.pt ([127.0.0.1]) by localhost (smtp1.ist.utl.pt [127.0.0.1]) (amavisd-new, port 10025) with LMTP id zdJZcPX1LPRp for ; Tue, 7 Dec 2010 07:13:25 +0000 (WET) Received: from mail2.ist.utl.pt (mail2.ist.utl.pt [193.136.128.12]) by smtp1.ist.utl.pt (Postfix) with ESMTP id 032A470073E3 for ; Tue, 7 Dec 2010 07:13:23 +0000 (WET) Received: from damnation.dulce.lo.geleia.net (195.61.136.95.rev.vodafone.pt [95.136.61.195]) (Authenticated sender: ist155741) by mail2.ist.utl.pt (Postfix) with ESMTPSA id B83A520196E9 for ; Tue, 7 Dec 2010 07:08:32 +0000 (WET) Content-Type: multipart/mixed; boundary=----------CuygBk2CqD2vlhDNDt5nVH To: "internals@lists.php.net" Date: Tue, 07 Dec 2010 07:08:34 -0000 MIME-Version: 1.0 Organization: =?utf-8?Q?N=C3=BAcleo_de_Eng=2E_Biom=C3=A9di?= =?utf-8?Q?ca_do_IST?= Message-ID: User-Agent: Opera Mail/10.63 (Win32) Subject: [PATCH] Add option to disable POST data processing From: glopes@nebm.ist.utl.pt ("Gustavo Lopes") ------------CuygBk2CqD2vlhDNDt5nVH Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit The very simple attached patch adds an option to disable POST data processing, which implies the data can only be read in a stream fashion through php://input. As far as I know, PHP offers no way to inhibit processing RFC 1867 data and one has to use very hacky means to accomplish that. This is often required (or at least convenient) in order to, e.g., proxy requests or handle file uploads in memory. For other types of requests, the default processing of POST data may also be a problem. Take a non-application/x-www-form-urlencoded POST requests (say, some kind of RPC with a big XML payload) -- PHP is very memory inefficient as it will hold the whole POST data into memory and duplicate it twice (from SG(request_info).post_data to $HTTP_RAW_POST_DATA -- even if always_populate_raw_post_data=0 -- and SG(request_info).raw_post_data). This introduces a new ini setting, disable_post_data_processing, but it's a benign one. No incompatibilities between setups will arise because no one will enable it globally (it would be insane), only selectively to the scripts that require it. The reason for an ini setting is that it must be set early in the request life. Thoughts? -- Gustavo Lopes ------------CuygBk2CqD2vlhDNDt5nVH Content-Disposition: attachment; filename=disable_post.diff.txt Content-Type: text/plain; name=disable_post.diff.txt Content-Transfer-Encoding: 7bit Index: main/main.c =================================================================== --- main/main.c (revision 305891) +++ main/main.c (working copy) @@ -491,6 +491,7 @@ STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN("always_populate_raw_post_data", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, always_populate_raw_post_data, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("disable_post_data_processing", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, disable_post_data_processing, php_core_globals, core_globals) STD_PHP_INI_ENTRY("realpath_cache_size", "16K", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_size_limit, virtual_cwd_globals, cwd_globals) STD_PHP_INI_ENTRY("realpath_cache_ttl", "120", PHP_INI_SYSTEM, OnUpdateLong, realpath_cache_ttl, virtual_cwd_globals, cwd_globals) Index: main/php_globals.h =================================================================== --- main/php_globals.h (revision 305891) +++ main/php_globals.h (working copy) @@ -133,6 +133,7 @@ zend_bool during_request_startup; zend_bool allow_url_fopen; zend_bool always_populate_raw_post_data; + zend_bool disable_post_data_processing; zend_bool report_zend_debug; int last_error_type; Index: main/SAPI.c =================================================================== --- main/SAPI.c (revision 305891) +++ main/SAPI.c (working copy) @@ -393,7 +393,7 @@ /* handle request mehtod */ if (SG(server_context)) { - if ( SG(request_info).request_method) { + if (!PG(disable_post_data_processing) && SG(request_info).request_method) { if(!strcmp(SG(request_info).request_method, "POST") && (SG(request_info).content_type)) { /* HTTP POST -> may contain form data to be read into variables Index: tests/basic/disable_post_data_processing_01.phpt =================================================================== --- tests/basic/disable_post_data_processing_01.phpt (revision 0) +++ tests/basic/disable_post_data_processing_01.phpt (revision 0) @@ -0,0 +1,22 @@ +--TEST-- +disable_post_data_processing: basic test +--INI-- +disable_post_data_processing=1 +--POST_RAW-- +Content-Type: application/x-www-form-urlencoded +a=1&b=ZYX +--FILE-- +