Richard Lynch wrote:
On Thu, April 19, 2007 10:28 pm, Myron Turner wrote:
that should be necessary at this time. For instance, if it's
necessary
to pass in CGI parameters at the same time as sending out a file,
the
parameters can be tacked onto a query string and they will be packed
into both the $_POST and the $_GET arrays.
I've lost track of why the OP needs an md5 or whatever it is of the
raw POST data, but MAYBE using an unknown MIME type and putting all
the other args in the URL as $_GET parameters, would leave them with
only the file itself to be "parsed" which would be pretty minimal
parsing...
There exists a mode of HTTP digest authentication where a header
contains an MD5 hash of an MD5 hash of the POST body (along with a few
other things that effectively add a salt to the hash, and provide the
actual username/password authentication). This is used for "integrity
protection", to safegaurd against any malicious proxy or "man in the
middle" attack from altering the form data while it's in transit from
the authorized user to the web server.
I'm a little lost here though... how can it be possible to put data into
the URI as well as the POST body? The request is originating from the
user-agent, not the server. Regardless though, the real problem with
this proposed hack is how, through HTML code, would one instruct the
user-agent to submit the form using multipart/form-data, but without it
creating a Content-Type: multipart/form-data header in the request!?
This sounds like an impossible task to me.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
