Edit report at https://bugs.php.net/bug.php?id=55504&edit=1
ID: 55504
Updated by: bj...@php.net
Reported by: mumu at seznam dot cz
Summary: Content-Type header is not parsed correctly on HTTP
POST request
-Status: Assigned
+Status: Closed
Type: Bug
Package: Unknown/Other Function
Operating System: FreeBSD, Windows Server 2008
PHP Version: 5.3.8
Assigned To: bjori
Block user comment: N
Private report: N
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
For Windows:
http://windows.php.net/snapshots/
Thank you for the report, and for helping us make PHP better.
Previous Comments:
------------------------------------------------------------------------
[2011-09-07 16:18:56] bj...@php.net
Automatic comment from SVN on behalf of bjori
Revision: http://svn.php.net/viewvc/?view=revision&revision=316373
Log: Fixed bug #55504 (Content-Type header is not parsed correctly on HTTP POST
request
------------------------------------------------------------------------
[2011-08-26 07:15:35] mumu at seznam dot cz
The test call in the original comment is not correct. It should state:
Content-Type: multipart/form-data; boundary=BVoyv; charset=iso-8859-1
Accept: */*
Content-Length: 72
Host: example.com
--BVoyv
Content-Disposition: form-data; name="data"
abc
--BVoyv--
------------------------------------------------------------------------
[2011-08-25 06:18:07] mumu at seznam dot cz
Description:
------------
HTTP POST is not parsed correctly when the "boundary" parameter of the
Content-Type HTTP header is not the last parameter on the line.
---
Guessing (might be wrong):
In the first case, PHP parses the ";" (and maybe also the rest of the line)
after the boundary still as part of the boundary value. As a result, the POST
DATA are not "understood" correctly. However, the following parts from RFC 1521
states clearly that ";" could not be part of the boundary:
tspecials := "(" / ")" / "<" / ">" / "@"
/ "," / ";" / ":" / "\" / <">
/ "/" / "[" / "]" / "?" / "="
; Must be in quoted-string,
; to use within parameter values
boundary := 0*69<bchars> bcharsnospace
bchars := bcharsnospace / " "
bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" /"_"
/ "," / "-" / "." / "/" / ":" / "=" / "?"
Test script:
---------------
Consider the following call to a PHP script running on an Apache server.
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=BVoyv; charset=iso-8859-1
Accept: */*
Content-Length: 72
Host: example.com
Content-Disposition: form-data; name="data"
abc
--BVoyv--
And a corresponding PHP script:
<?php
print_r(getallheaders());
print_r($_REQUEST);
?>
In this case, the POST data are not seen on the PHP side, as shown on the
output:
Array
(
[Connection] => Keep-Alive
[Content-Type] => multipart/form-data; boundary=BVoyv; charset=iso-8859-1
[Accept] => */*
[Content-Length] => 72
[Host] => example.com
)
Array
(
)
However, after changing order of parameters in the Content-Type header to:
"Content-Type: multipart/form-data; charset=iso-8859-1; boundary=BVoyv"
the script output is as expected (notify appearing of the [data] line):
Array
(
[Connection] => Keep-Alive
[Content-Type] => multipart/form-data; charset=iso-8859-1; boundary=BVoyv
[Accept] => */*
[Content-Length] => 72
[Host] => example.com
)
Array
(
[data] => abc
)
Expected result:
----------------
Both cases should be equal to each other.
Actual result:
--------------
In the first case, the "data" parameter is not available to the script.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=55504&edit=1
