Parsing PUT data - Externals

11 years ago by Dave — view source

unread

Hi All,

Firstly, let me know if this is particularly spammy/inappropriate for this
list.

I just wanted to get some feedback on a long-time feature request (2011)
about treating PUT the same as POST in terms of re-using the existing form
parser. See https://bugs.php.net/bug.php?id=55815 for details.

Normally, I wouldn't have posted this to internals, but as you can see,
there's been no movement on this for a long time.

In short, in order to provide a proper REST service that supports multipart
form data, we need someway to parse data sent via PUT (data is available
via php://input, but it needs to be parsed).
Could be as simple as adding $_PUT / $_FILES for PUT data.

What's the best way to move this forward?
Do I need to create a patch/RFC? Or is this something someone can just pick
up?

Thanks,
Dave

11 years ago by Tjerk Meesters — view source

unread

Hi All,

Firstly, let me know if this is particularly spammy/inappropriate for this
list.

I just wanted to get some feedback on a long-time feature request (2011)
about treating PUT the same as POST in terms of re-using the existing form
parser. See https://bugs.php.net/bug.php?id=55815 for details.

Normally, I wouldn't have posted this to internals, but as you can see,
there's been no movement on this for a long time.

In short, in order to provide a proper REST service that supports multipart
form data, we need someway to parse data sent via PUT (data is available
via php://input, but it needs to be parsed).
Could be as simple as adding $_PUT / $_FILES for PUT data.

Perhaps it might be a better idea to expose the multipart parser as a
function, so that you can bind the decoded body to either an object or
array. The trick is to keep is_uploaded_file(), etc. working, though.

What's the best way to move this forward?
Do I need to create a patch/RFC? Or is this something someone can just pick
up?

Thanks,
Dave

--

Tjerk

11 years ago by Ryan McCue — view source

unread

Tjerk Meesters wrote:

Perhaps it might be a better idea to expose the multipart parser as a
function, so that you can bind the decoded body to either an object or
array. The trick is to keep is_uploaded_file(), etc. working, though.

I've looked into this before (for almost this exact issue), and PHP
internally checks that the file was originally created by the internal
parser. If that's changed, there's probably security concerns with doing so.

+1 on the idea though.

--
Ryan McCue
<http://ryanmccue.info/