Re: retrieve POST body?


 



Justin Frim wrote:
Richard Lynch wrote:
On Thu, April 19, 2007 10:28 pm, Myron Turner wrote:
that should be necessary at this time.  For instance, if it's necessary to pass in CGI parameters at the same time as sending out a file, the parameters can be tacked onto a query string and they will be packed into both the $_POST and the $_GET arrays.

I've lost track of why the OP needs an md5 or whatever it is of the
raw POST data, but MAYBE using an unknown MIME type and putting all
the other args in the URL as $_GET parameters, would leave them with
only the file itself to be "parsed" which would be pretty minimal
parsing...

There exists a mode of HTTP digest authentication where a header contains an MD5 hash of an MD5 hash of the POST body (along with a few other things that effectively add a salt to the hash, and provide the actual username/password authentication). This is used for "integrity protection", to safeguard against any malicious proxy or "man in the middle" attack from altering the form data while it's in transit from the authorized user to the web server.

I'm a little lost here though... how can it be possible to put data into the URI as well as the POST body? The request is originating from the user-agent, not the server. Regardless though, the real problem with this proposed hack is how, through HTML code, would one instruct the user-agent to submit the form using multipart/form-data, but without it creating a Content-Type: multipart/form-data header in the request!? This sounds like an impossible task to me.



In one of my early replies to this question, I suggested using Perl. But I assume you prefer not to. However, I have tried putting my head around a hack, which does use a small Perl script but which might do the trick for you. You use the Perl script in the action attribute of your form. The Perl script saves the entire posted output to a file, then it sends back a page which uses JavaScript to redirect back to the PHP script, where you can process the file. You send the file name back to the PHP script from the Perl script in the query string of the URL. Here goes:


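<?php
// upload.php

if(isset($_GET['file'])) {
 /* do here whatever you have to in PHP  */
 // The value comes straight from the query string, so escape it before echoing
 echo '<h3>' . htmlspecialchars($_GET['file'], ENT_QUOTES) . '</h3>';
}
?>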


<form enctype="multipart/form-data" action="save.cgi" method="post">
Send this file: <input name="userfile" type="file" />
<input type="submit" name="submit" value="Send File" />
</form>
-------------------------------------

Then the Perl script:

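#!/usr/bin/perl
# save.cgi
use strict;
use warnings;

my $buffer = '';
if ($ENV{'REQUEST_METHOD'} eq "POST") {
   # Read the raw, unparsed POST body from standard input
   binmode(STDIN);
   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
}

print "Content-Type: text/html\n\n";
# Save the body byte for byte; stop if the file cannot be written
open(my $fh, '>', '/var/www/html/d_wiki/upload/tmp.fil') or die "Cannot open upload file: $!";
binmode($fh);
print $fh $buffer;
close($fh);

print '<html><head>';
print '<script language="javascript">location = "upload.php?file=tmp.fil";</script>';
print '</head><body><h1>Redirecting to upload.php?file=tmp.fil</h1></body></html>';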


You don't have to know much about Perl here. The only thing you would want to do is find out how to construct a unique temporary file name, for the saved file, which you would then probably delete in the PHP script after processing with PHP.

Hope this helps.

Myron

--

_____________________
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
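
Added example, not part of the original message or thread: one way the PHP side could check the digest "integrity protection" response discussed above against a raw body saved by a script like save.cgi, using the RFC 2617 qop=auth-int formula. The function names, credentials, nonce values and demo body are constructed for illustration; tempnam() also shows one way to get a unique temporary file name.

```php
<?php
// Added example: verify an RFC 2617 Digest response with qop=auth-int
// against a raw request body saved to disk (e.g. by a script like save.cgi).
// All names, credentials and parameter values below are constructed.

function auth_int_response(array $p, string $method, string $ha1, string $bodyFile): string
{
    // H(entity-body): hash the saved raw body without loading it all into memory
    $bodyHash = md5_file($bodyFile);
    if ($bodyHash === false) {
        throw new RuntimeException("cannot read $bodyFile");
    }
    // H(A2), where A2 = method ":" digest-uri ":" H(entity-body)
    $ha2 = md5("$method:{$p['uri']}:$bodyHash");
    // response = H( H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2) )
    return md5("$ha1:{$p['nonce']}:{$p['nc']}:{$p['cnonce']}:auth-int:$ha2");
}

function verify_auth_int(array $p, string $method, string $ha1, string $bodyFile): bool
{
    if (($p['qop'] ?? '') !== 'auth-int') {
        return false; // plain "auth" does not cover the body
    }
    $expected = auth_int_response($p, $method, $ha1, $bodyFile);
    // Constant-time comparison of expected and received response values
    return hash_equals($expected, strtolower($p['response'] ?? ''));
}

// --- constructed demo data ---
$ha1  = md5('alice:uploads:s3cret');           // H(A1) = MD5(username:realm:password)
$file = tempnam(sys_get_temp_dir(), 'post_');  // unique temporary file name
file_put_contents($file, "field=value&other=data");

$params = ['uri' => '/save.cgi', 'nonce' => 'n0nce', 'nc' => '00000001',
           'cnonce' => 'c1ient', 'qop' => 'auth-int'];
// The response value an honest client would send for this body
$params['response'] = auth_int_response($params, 'POST', $ha1, $file);

var_dump(verify_auth_int($params, 'POST', $ha1, $file));  // body as sent

file_put_contents($file, "field=value&other=tampered");    // body altered in transit
var_dump(verify_auth_int($params, 'POST', $ha1, $file));  // body no longer matches

unlink($file);  // delete the temporary file after processing
```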

