Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:50899 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 74837 invoked from network); 7 Dec 2010 13:07:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Dec 2010 13:07:45 -0000 Authentication-Results: pb1.pair.com header.from=glopes@nebm.ist.utl.pt; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=glopes@nebm.ist.utl.pt; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain nebm.ist.utl.pt from 193.136.128.21 cause and error) X-PHP-List-Original-Sender: glopes@nebm.ist.utl.pt X-Host-Fingerprint: 193.136.128.21 smtp1.ist.utl.pt Linux 2.6 Received: from [193.136.128.21] ([193.136.128.21:43201] helo=smtp1.ist.utl.pt) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 38/C0-04382-E913EFC4 for ; Tue, 07 Dec 2010 08:07:43 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.ist.utl.pt (Postfix) with ESMTP id 947FE70003DC; Tue, 7 Dec 2010 13:07:39 +0000 (WET) X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at ist.utl.pt Received: from smtp1.ist.utl.pt ([127.0.0.1]) by localhost (smtp1.ist.utl.pt [127.0.0.1]) (amavisd-new, port 10025) with LMTP id IeTQ3FO4Iwkd; Tue, 7 Dec 2010 13:07:39 +0000 (WET) Received: from mail2.ist.utl.pt (mail.ist.utl.pt [IPv6:2001:690:2100:1::8]) by smtp1.ist.utl.pt (Postfix) with ESMTP id 4EF2270003CE; Tue, 7 Dec 2010 13:07:39 +0000 (WET) Received: from damnation.dulce.lo.geleia.net (195.61.136.95.rev.vodafone.pt [95.136.61.195]) (Authenticated sender: ist155741) by mail2.ist.utl.pt (Postfix) with ESMTPSA id 1BA3C2006C3F; Tue, 7 Dec 2010 13:07:39 +0000 (WET) Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: "Derick Rethans" , "internals@lists.php.net" References: Date: Tue, 07 Dec 2010 13:07:42 -0000 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Organization: =?utf-8?Q?N=C3=BAcleo_de_Eng=2E_Biom=C3=A9di?= =?utf-8?Q?ca_do_IST?= Message-ID: In-Reply-To: User-Agent: Opera Mail/10.63 (Win32) Subject: Re: [PHP-DEV] [PATCH] Add option to disable POST data processing From: glopes@nebm.ist.utl.pt ("Gustavo Lopes") On Tue, 07 Dec 2010 12:01:59 -0000, Derick Rethans wrote: > On Tue, 7 Dec 2010, Gustavo Lopes wrote: > >> The very simple attached patch adds an option to disable POST data >> processing, which implies the data can only be read in >> a stream fashion through php://input. > > Does without this patch, reading POST data from php://input work? Maybe. In case of a multipart/form-data request, it won't. For other requests, it will. However, php://input will be reading from memory, not from the SAPI, because the entire POST data will be in memory. The new option makes the behavior for a POST request similar to that of e.g. a PUT request, i.e., data can only be read with php://input and it will *not* be copied entirely into memory before the user code executes. Of course the user can use something like file_get_contents('php://input') to do that, but, depending on the application, he may take advantage of the low memory usage a stream provides (for the XML payload example, he could use a SAX-like parser, for proxying or saving the entire request into disk -- possibly filtered -- he could use stream_copy_to_stream, etc.). > >> This introduces a new ini setting, disable_post_data_processing, but >> it's a benign one. No incompatibilities between setups will arise >> because no one will enable it globally (it would be insane), > > Because they can, people will do it though... I'm not fan of more ini > settings. > I'm sure someone somewhere will enable it eventually without being aware of what it does (despite the obvious name...); my point is that programmers don't need to program against it (unlike say, magic quotes) because no working PHP setup will have it enabled, as it breaks every script that handles POST data. -- Gustavo Lopes