{"id":244,"date":"2011-06-02T17:16:01","date_gmt":"2011-06-02T15:16:01","guid":{"rendered":"\/\/www.mcgill.org.za\/stuff\/?p=244"},"modified":"2011-06-02T17:18:19","modified_gmt":"2011-06-02T15:18:19","slug":"a-slip-betwixt-http_raw_post_data-and-_post","status":"publish","type":"post","link":"https:\/\/www.mcgill.org.za\/stuff\/archives\/244","title":{"rendered":"A slip betwixt $HTTP_RAW_POST_DATA and $_POST"},"content":{"rendered":"<p>The curious case of the missing post: An interesting bug came across my desk today.  We have some hacky PHP code that receives data from cpanel, which is written in Perl.  The bug came out after an update to cpanel.  Suddenly we started getting blank requests: PHP&#8217;s <code>$_REQUEST<\/code> variable was blank.  A good deal of (unnecessary?) debugging showed that the <code>$_POST<\/code> variable was just as blank.  Eventually, when printing out the entire <code>$GLOBALS<\/code> array, I found the data hiding away in <code>$HTTP_RAW_POST_DATA<\/code>.  Yay!  Now, why was it there?<\/p>\n<p>Time to check stuff: did something update PHP on this box to some other version?<\/p>\n<pre><code>$ php -r 'phpinfo();' | grep -i version | head\r\nPHP Version => 5.1.8\r\n<\/code><\/pre>\n<p>Well, not, but wow!  That&#8217;s rather old.  Is there a bug in this version that will cause it not to populate <code>$_POST<\/code> from the posted data?  Googled it.  Nope.  Oh wait.  Maybe I should yahoo it!  Still nope.  There was a bug in php 4.2, but it was fixed.  So what&#8217;s up?<\/p>\n<p>I never looked at the actual request, since this thing is over SSL and I didn&#8217;t feel like setting up a man in the middle, but here&#8217;s what it seems to be going on: the cpanel perl client side is not sending a valid <code>Content-Type<\/code> header.  Something like this:<\/p>\n<pre><code>POST \/scripts2\/synczones_local HTTP\/1.0\r\nUser-Agent: Cpanel::PublicAPI (perl) 1.1\\\r\n<del >Content-Type: application\/x-www-form-urlencoded<\/del>\r\n\r\nzone=mcgill.org.za&zonedata=...<\/code><\/pre>\n<p>By parsing <code>$HTTP_RAW_POST_DATA<\/code>, we get the bits we were missing, and <i>voila<\/i> it works:<\/p>\n<pre><code>if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {\r\n    parse_str($GLOBALS['HTTP_RAW_POST_DATA'], $postdatawithbadheaders);\r\n    foreach($postdatawithbadheaders as $k=>$v) {\r\n        if (!isset($_REQUEST[$k])) { \r\n            $_POST[$k]=$v;\r\n            $_REQUEST[$k]=$v;\r\n        }\r\n    }\r\n}<\/pre>\n<p><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The curious case of the missing post: An interesting bug came across my desk today. We have some hacky PHP code that receives data from cpanel, which is written in Perl. The bug came out after an update to cpanel. &hellip; <a href=\"https:\/\/www.mcgill.org.za\/stuff\/archives\/244\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[26,24,190],"class_list":["post-244","post","type-post","status-publish","format-standard","hentry","category-stuff","tag-cpanel","tag-php","tag-stuff"],"_links":{"self":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/comments?post=244"}],"version-history":[{"count":7,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/244\/revisions"}],"predecessor-version":[{"id":251,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/244\/revisions\/251"}],"wp:attachment":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/media?parent=244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/categories?post=244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/tags?post=244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}