Edit report at https://bugs.php.net/bug.php?id=22427&edit=1
ID: 22427 Comment by: chris at manhattaninteractive dot com Reported by: jroland at uow dot edu dot au Summary: Missing Form Post Data Status: No Feedback Type: Bug Package: *General Issues Operating System: Windows XP / 2000 PHP Version: 4.2.3 Block user comment: N Private report: N New Comment: Seems like I have the original issue, but not with the same symptoms of all the off-topic add ins over the years. Ubuntu 12.04, php 5.3.10-1ubuntu3.6 Problem exists in all browsers (yes, FF 19.0.2), did not with same scripts on previous system (centos, php 5x). TamperData shows the request going out with: 18:16:20.556[227ms][total 227ms] Status: 200[OK] POST http://XXXXXXXXX.com/YYYYYYYYY/TARGET_SCRIPT.php Load Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND INHIBIT_CACHING ] Content Size[1303] Mime Type[text/html] Request Headers: Host[XXXXXXXXX.com] User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0] Accept[application/json, text/javascript, */*; q=0.01] Accept-Language[en-US,en;q=0.5] Accept-Encoding[gzip, deflate] DNT[1] Content-Type[application/x-www-form-urlencoded; charset=UTF-8] X-Requested-With[XMLHttpRequest] Referer[http://XXXXXXXXX.com/YYYYYYYYYYY/ZZZZZZZ1.php] Content-Length[89] Authorization[Basic cHJfZGVtb1VzZXI6NElQY01F] Connection[keep-alive] Pragma[no-cache] Cache-Control[no-cache] Post Data: customerID[915690000000000000000000000000c4f] reportTitle[Sample] responseFormat[json] toolName[newRep] sub1[6000000] sub2[] sub3[] Response Headers: Date[Tue, 02 Apr 2013 01:16:21 GMT] Server[Apache/2.2.22 (Ubuntu)] Vary[Accept-Encoding] Content-Encoding[gzip] Content-Length[1303] Keep-Alive[timeout=5, max=100] Connection[Keep-Alive] Content-Type[text/html] Problem is, the php script called only gets the first three post vars. This is 100% consistent, I have tried expanding the suhosin caps, and also disabling suhosin completely (via "suhosin.simulation = On" in php.ini) with no change in behavior. It is shocking to me that a critical issue like this has been allowed to persist for 10 years! Previous Comments: ------------------------------------------------------------------------ [2013-02-18 00:04:55] php-bugs at lists dot php dot net No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. ------------------------------------------------------------------------ [2012-10-17 14:39:15] vincentwansink at shaw dot ca I am having this problem now with version 5.4.0. I am shocked to see that this issue has been around since 2003 and it is still happening. I've been using PHP for about 8 years and never came across this before. Also this just started happening to me after I moved my site to a brand new server and upgraded to version 5.4 so I'm guessing there must be some unique configuration combination that causes this to happen. I am having it happen with small text fields (20 characters or less). Being able to rely on post back data is obviously critical to any PHP application so why is this bug still around? It's embarassing to have to tell my clients "I don't know why it's doing that". ------------------------------------------------------------------------ [2010-07-07 10:52:52] paj...@php.net We don't support PHP 4 anymore and we never supported patched PHP (like with Suhosin). Please try again with a recent PHP version, unpatched. ------------------------------------------------------------------------ [2010-07-07 10:47:00] kernelu at gmail dot com Had the same problem (the submited data was truncated) and fixed it by editing the suhosin.ini file, something like this(uncommented some lines and increased the values): ; Filtering Options ;suhosin.filter.action = ;suhosin.cookie.max_array_depth = 100 ;suhosin.cookie.max_array_index_length = 64 ;suhosin.cookie.max_name_length = 64 ;suhosin.cookie.max_totalname_length = 256 ;suhosin.cookie.max_value_length = 10000 ;suhosin.cookie.max_vars = 100 ;suhosin.cookie.disallow_nul = on suhosin.get.max_array_depth = 150 suhosin.get.max_array_index_length = 164 suhosin.get.max_name_length = 164 suhosin.get.max_totalname_length = 512 suhosin.get.max_value_length = 1024 suhosin.get.max_vars = 500 suhosin.get.disallow_nul = on suhosin.post.max_array_depth = 500 suhosin.post.max_array_index_length = 1024 suhosin.post.max_name_length = 164 suhosin.post.max_totalname_length = 1256 suhosin.post.max_value_length = 650000 suhosin.post.max_vars = 1200 suhosin.post.disallow_nul = on suhosin.request.max_array_depth = 500 suhosin.request.max_array_index_length = 1024 suhosin.request.max_totalname_length = 1256 suhosin.request.max_value_length = 650000 suhosin.request.max_vars = 1200 suhosin.request.max_varname_length = 164 suhosin.request.disallow_nul = on ;suhosin.upload.max_uploads = 25 ;suhosin.upload.disallow_elf = on ;suhosin.upload.disallow_binary = off ;suhosin.upload.remove_binary = off ;suhosin.upload.verification_script = ;suhosin.session.max_id_length = 128 ------------------------------------------------------------------------ [2010-02-03 10:22:15] lars at renoz dot dk Same problem here - $_POST is randomly incomplete or empty. I have only seen this with IE - from version 6 to 8. tcpdump shows a bit more of the story: user sends: POST /bla.php?id=bla ... Content-Length: 80 but there is no data in that packet. A bit later Apache reaches timeout, and closes the connection. At this point it send a 503 error to the user, but executes PHP with the incomplete post. After the user received the 503 error - the browser actually sends a packet with the missing post data. Strange and clearly a browser bug. It should be noted that the post is so small that there is plenty of room in the first packet. Now - the strange part is - why is PHP being executed? And why is PHP allowing it self to be executed. Content-Length is clearly invalid, and the conntection is closed (and PHP is setup to ignore aborted requests (ignore_user_abort is off). ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=22427 -- Edit this bug report at https://bugs.php.net/bug.php?id=22427&edit=1
