Jump to content

automatically populating $HTTP_RAW_POST_DATA


NotionCommotion

Recommended Posts

I have two curl requests.  One works fine and the other causes an error.

-sh-4.1$ curl -X POST --header 'Accept: application/json' --header 'api_key: main_key' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/1.0/test'

{"post":{"{_\"property_one\":_\"string\",_\"property_two\":_\"string\"_}":""}}

-sh-4.1$ curl -X POST --header 'Content-Type: application/json' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/1.0/test'

<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
{"post":[]}<br />

Per http://php.net/manual/en/migration56.deprecated.php#migration56.deprecated.raw-post-data:

 

$HTTP_RAW_POST_DATA and always_populate_raw_post_data

always_populate_raw_post_data will now generate an E_DEPRECATED error when $HTTP_RAW_POST_DATA is populated. New code should use php://input instead of $HTTP_RAW_POST_DATA, which will be removed in a future release. You can opt in for the new behaviour (in which $HTTP_RAW_POST_DATA is never defined hence no E_DEPRECATED error will be generated) by setting always_populate_raw_post_data to -1.

 

 

 

 

How and where am I automatically populating $HTTP_RAW_POST_DATA?

 

EDIT.  I just changed my php.ini file and set always_populate_raw_post_data=-1, and now don't get the error, but PHP doesn't receive the POST data.  I am obviously doing something wrong by setting the content type header and passing post data.  Please advise.

Edited by NotionCommotion
Link to comment
Share on other sites

At the very least errors attributed to Unknown:0 are often bugs in and of themselves for not giving accurate or usable information.

 

Taking that mentality, the first step is reproducing the bug with a minimal test case. Is that possible? What kind of application are you using? Can you debug through it to at least find out when the error messages are being outputted?

Link to comment
Share on other sites

Thanks Requinix,

 

By the way, I am using PHP 5.6.25.

 

This is about as minimal as I can get.   The headers might not have anything to do with it.  Maybe I am not passing JSON, but passing a form with what I thought was JSON in it?  Still have a hard time grasping what is happening, and would appreciate any insight.

 

My purpose is to allow cross domain posts, and the headers came from swagger's documentation.  I am thinking of getting rid of them, and just adding Header set Access-Control-Allow-Origin "*" to httpd.conf.

 

 

always_populate_raw_post_data set to default (0?)

-sh-4.1$ curl -X POST --header 'Accept: application/json' --header 'api_key: main_key' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_no_set_headers.php'
array(1) {
  ["{_"property_one":_"string",_"property_two":_"string"_}"]=>
  string(0) ""
}
-sh-4.1$ curl -X POST --header 'Content-Type: application/json' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_no_set_headers.php'
<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
array(0) {
}
-sh-4.1$ curl -X POST --header 'Accept: application/json' --header 'api_key: main_key' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_set_headers.php'
array(1) {
  ["{_"property_one":_"string",_"property_two":_"string"_}"]=>
  string(0) ""
}
-sh-4.1$ curl -X POST --header 'Content-Type: application/json' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_set_headers.php'
<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>/var/www/test/src/public/headertest_set_headers.php</b> on line <b>3</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>/var/www/test/src/public/headertest_set_headers.php</b> on line <b>4</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>/var/www/test/src/public/headertest_set_headers.php</b> on line <b>5</b><br />
array(0) {
}

always_populate_raw_post_data set to -1

-sh-4.1$ curl -X POST --header 'Accept: application/json' --header 'api_key: main_key' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_no_set_headers.php'
array(1) {
  ["{_"property_one":_"string",_"property_two":_"string"_}"]=>
  string(0) ""
}
-sh-4.1$ curl -X POST --header 'Content-Type: application/json' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_no_set_headers.php'
array(0) {
}
-sh-4.1$ curl -X POST --header 'Accept: application/json' --header 'api_key: main_key' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_set_headers.php'
array(1) {
  ["{_"property_one":_"string",_"property_two":_"string"_}"]=>
  string(0) ""
}
-sh-4.1$ curl -X POST --header 'Content-Type: application/json' -d '{ "property_one": "string", "property_two": "string" }' 'http://test.example.com/headertest_set_headers.php'
array(0) {
}
-sh-4.1$
<?php
//headertest_set_headers.php
header('Access-Control-Allow-Origin: http://swagger-ui.badobe.com');  
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization');  
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');  
var_dump($_REQUEST);
exit;
<?php
//headertest_no_set_headers.php  
var_dump($_REQUEST);
exit;
Link to comment
Share on other sites

Ah.

 

1. You need to set the Content-Type in the request if you are passing any kind of data. If you don't then it seems PHP assumes application/x-www-form-urlencoded, which is why $_REQUEST gets that odd-looking value. If you set a Content-Type that PHP is not familiar with (basically neither that one or multipart/form-data) then PHP will take a different path of interpreting the body and not really do anything. However that path triggers code which deals with the $HTTP_RAW_POST_DATA stuff - not necessarily the variable itself but logic related to it.

 

2. $_REQUEST only works for application/x-www-form-urlencoded and multipart/form-data. Because those are key/value pairs that fit well into the $_REQUEST array. When you specify application/json content then $_REQUEST will not be filled and you need to use php://input to get the raw JSON.

 

Your code should be like

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	if (stricmp($_SERVER["CONTENT_TYPE"], "application/json") == 0) {
		$json = @json_decode(file_get_contents("php://input"));
	} else {
		// maybe accept other formats
	}
} else {
	// ?
}
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.