On 7 December 2010 12:42, John Mertic <jmer...@php.net> wrote: >> On Tue, Dec 7, 2010 at 7:37 AM, Richard Quadling <rquadl...@gmail.com> wrote: >>> On 7 December 2010 12:11, John Mertic <jmer...@php.net> wrote: >>>> On Tue, Dec 7, 2010 at 6:40 AM, Richard Quadling <rquadl...@gmail.com> >>>> wrote: >>>>> On 7 December 2010 07:08, Gustavo Lopes <glo...@nebm.ist.utl.pt> wrote: >>>>>> The very simple attached patch adds an option to disable POST data >>>>>> processing, which implies the data can only be read in a stream fashion >>>>>> through php://input. >>>>>> >>>>>> As far as I know, PHP offers no way to inhibit processing RFC 1867 data >>>>>> and >>>>>> one has to use very hacky means to accomplish that. This is often >>>>>> required >>>>>> (or at least convenient) in order to, e.g., proxy requests or handle file >>>>>> uploads in memory. >>>>>> >>>>>> For other types of requests, the default processing of POST data may >>>>>> also be >>>>>> a problem. Take a non-application/x-www-form-urlencoded POST requests >>>>>> (say, >>>>>> some kind of RPC with a big XML payload) -- PHP is very memory >>>>>> inefficient >>>>>> as it will hold the whole POST data into memory and duplicate it twice >>>>>> (from >>>>>> SG(request_info).post_data to $HTTP_RAW_POST_DATA -- even if >>>>>> always_populate_raw_post_data=0 -- and SG(request_info).raw_post_data). >>>>>> >>>>>> This introduces a new ini setting, disable_post_data_processing, but >>>>>> it's a >>>>>> benign one. No incompatibilities between setups will arise because no one >>>>>> will enable it globally (it would be insane), only selectively to the >>>>>> scripts that require it. The reason for an ini setting is that it must be >>>>>> set early in the request life. >>>>>> >>>>>> Thoughts? >>>>>> >>>>>> -- >>>>>> Gustavo Lopes >>>>>> -- >>>>>> PHP Internals - PHP Runtime Development Mailing List >>>>>> To unsubscribe, visit: http://www.php.net/unsub.php >>>>>> >>>>> >>>>> As I understand things, the super globals are already populated by the >>>>> time the script starts execution. >>>>> >>>>> So, ini_set() will have no impact. >>>>> >>>>> Can you set an ini option for a single script via some other method? >>>>> >>>> >>>> Maybe thru an .htaccess file? That should work. >>>> >>>> Otherwise, +1 for the patch from me. >>>> >>>> John Mertic >>>> jmer...@gmail.com | http://jmertic.wordpress.com >>>> >>> >>> Can you set an ini option via .htaccess for a single script? >>> >>> If the script has to reside in its own directory then that makes >>> sense, but I don't know how to set an ini option for a single script. >>> >>> -- >>> Richard Quadling >>> Twitter : EE : Zend >>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY >>> > > Wouldn't something like this work? > > <Files script.php> > php_value disable_post_data_processing On > </Files>
http://httpd.apache.org/docs/2.0/mod/core.html#files looks like it should. Now to find out how to do that for IIS. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
