Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63228
Return-Path: <julienpauli@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 10099 invoked from network); 24 Sep 2012 14:49:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Sep 2012 14:49:20 -0000
Authentication-Results: pb1.pair.com header.from=julienpauli@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=julienpauli@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.170 as permitted sender)
X-PHP-List-Original-Sender: julienpauli@gmail.com
X-Host-Fingerprint: 209.85.223.170 mail-ie0-f170.google.com  
Received: from [209.85.223.170] ([209.85.223.170:43594] helo=mail-ie0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7D/AE-17579-FE270605 for <internals@lists.php.net>; Mon, 24 Sep 2012 10:49:19 -0400
Received: by iebc12 with SMTP id c12so10975059ieb.29
        for <internals@lists.php.net>; Mon, 24 Sep 2012 07:49:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:cc:content-type;
        bh=Yc0ai+NC9bX8/mu3O3u7G0PZbXkyL8Ceto+BDYrYeZ4=;
        b=gcWGzhUkdliGGcFLQqcFgYUWKDSXKp5oxAENGn47tmY1wuF7r90B+1a4JkVLHAxg/k
         g8FJ4J1GtiIQzNEFpZFkly1+gdLuB5KPP4wJT5CouMZ+CmpTK3+xnZsKWFaUizL8wRAM
         /jzxXs5/od+UUN8XTVJhYbhioPDV/RsM4GWSPOWgvvYb59SdL1viZus64GS/ZjTflNpe
         UPqJLgW6enUG9LvL9/zFS2j1ORjdYzzxcs2OYUIpG31W4hRrHVVxlnjIRxaooOFXfbur
         nss394nGqYU9b3rDJW9YEgQYGIdFlRgr90jkdvYzAhhNOHHJGBbvhG4KrBo1k9Rn76L+
         sFUQ==
Received: by 10.50.47.227 with SMTP id g3mr5512724ign.5.1348498157400; Mon, 24
 Sep 2012 07:49:17 -0700 (PDT)
MIME-Version: 1.0
Sender: julienpauli@gmail.com
Received: by 10.64.63.201 with HTTP; Mon, 24 Sep 2012 07:48:37 -0700 (PDT)
In-Reply-To: <50606C6D.6080709@hoa-project.net>
References: <505C4A06.6040304@hoa-project.net> <CAMUwpuSAjPA+XGXQC38Yiq8f251542vt+vxdw5dw4o0cp3A_eA@mail.gmail.com>
 <50606C6D.6080709@hoa-project.net>
Date: Mon, 24 Sep 2012 16:48:37 +0200
X-Google-Sender-Auth: nAY55CHtjFxIQMXd4tasYW6i_4o
Message-ID: <CAMUwpuTM+dB-PYEyCkzE-bS1UWEQQCrppvnyBayMJv6kwGpb3A@mail.gmail.com>
To: ivan.enderlin@hoa-project.net
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] POST, content-type: application/json and json_decode
From: jpauli@php.net (jpauli)

On Mon, Sep 24, 2012 at 4:21 PM, Ivan Enderlin @ Hoa
<ivan.enderlin@hoa-project.net> wrote:
> On 21/09/12 16:16, jpauli wrote:
>>
>> On Fri, Sep 21, 2012 at 1:05 PM, Ivan Enderlin @ Hoa
>> <ivan.enderlin@hoa-project.net> wrote:
>>>
>>> Hello,
>>>
>>> If PHP receives a HTTP request with the method POST and with the header
>>> Content-Type: application/x-www-form-encoded, then, it automatically
>>> parses
>>> the request body to populate an array in $_POST. If the Content-Type is
>>> different (e.g. text/plain or application/json), the request body is
>>> reachable by reading php://input. Well, it is ok.
>>>
>>> But is there any plans to consider application/json by parsing the
>>> request
>>> body and populate the result in $_POST (with the help of json_decode()
>>> maybe)?
>>>
>>> If so, I would like to propose a patch but I don't find in the source
>>> code
>>> where request body is caugth and parsed (for POST). Any ideas?
>>> Maybe a RFC would also be welcome to complete my suggestion?
>>>
>>> Thanks.
>>
>> Hi !
>>
>> Reading and parsing post data function is defined as a SAPI struct
>> function pointer.
>> You should look at sapi_module_struct definition
>> (http://lxr.php.net/xref/PHP_5_4/main/SAPI.h#251).
>>
>> When a request comes in, sapi_activate() is called. It then calls
>> sapi_read_post_data() http://lxr.php.net/xref/PHP_5_4/main/SAPI.c#459
>> that itself invokes handlers.
>> Default handlers are defined here :
>> http://lxr.php.net/xref/PHP_5_4/main/php_content_types.c#29 and for
>> POST, by default, sapi_read_standard_form_data() is called (defined
>> here http://lxr.php.net/xref/PHP_5_4/main/SAPI.c#253)
>> This function is in fact just a bridge, it tells PHP to call
>> sapi.read_post() which is a function pointer defined by each SAPI.
>> Finally, later on, sapi.default_post_reader() is called (again, a
>> function pointer defined by each SAPI)
>
> I have some questions. Julien told me in private that he didn't know, hope
> other could reply.
>
> By reading the code, I understand that each SAPI is responsible of parsing
> the body of a POST request if it is application/x-www-form-urlencoded. Am I
> right? In SAPI.c, I read that it delegates this task to
> sapi_module.read_post by giving SG(request_info).post_data (please, see
> main/SAPI.c#266).
>
> It implies that if we would like to add the support of application/json,
> then we have to do it for each SAPI? Not very nice :-/.
>
> When I will locate the code to edit, I'm planning to use php_json_decode_ex
> & co.  (please, see ext/json/json.c#633), but the hash collision risk is
> always present. In every case, json_decode() must be protected again hash
> collision (please, see https://bugs.php.net/60655).

The hash collision is a behavior our HashTable implementation carries anyway.
Removing it can only be done safely by changing the hash algorithm,
which is not such an easy task in case of PHP.

I suggest you start your POC writting the json handler without
worrying about hash collisions :)

Julien.P