Justin Frim wrote:
Richard Lynch wrote:
On Thu, April 19, 2007 10:28 pm, Myron Turner wrote:
that should be necessary at this time. For instance, if it's
necessary
to pass in CGI parameters at the same time as sending out a file,
the
parameters can be tacked onto a query string and they will be packed
into both the $_POST and the $_GET arrays.
I've lost track of why the OP needs an md5 or whatever it is of the
raw POST data, but MAYBE using an unknown MIME type and putting all
the other args in the URL as $_GET parameters, would leave them with
only the file itself to be "parsed" which would be pretty minimal
parsing...
There exists a mode of HTTP digest authentication where a header
contains an MD5 hash of an MD5 hash of the POST body (along with a few
other things that effectively add a salt to the hash, and provide the
actual username/password authentication). This is used for "integrity
protection", to safegaurd against any malicious proxy or "man in the
middle" attack from altering the form data while it's in transit from
the authorized user to the web server.
I'm a little lost here though... how can it be possible to put data
into the URI as well as the POST body? The request is originating
from the user-agent, not the server. Regardless though, the real
problem with this proposed hack is how, through HTML code, would one
instruct the user-agent to submit the form using multipart/form-data,
but without it creating a Content-Type: multipart/form-data header in
the request!? This sounds like an impossible task to me.
In one of my early replies to this question, I suggested using Perl.
But I assume you prefer not to. However, I have tried putting my head
around a hack, which does use a small Perl script but which might do the
trick for you. You use the Perl script in the action attribute of
your form. The Perl script saves the entire posted output to a file,
then it sends back a page which uses Javascript to redirect back to the
php script, where you can process the file. You send the file name back
to the php script from the perl script in the query string of the url.
Here goes:
<?php
// upload.php
if(isset($_GET['file'])) {
/* do here whatever you have to in PHP */
echo '<h3>' .$_GET['file'] . '</h3>';
}
?>
<form enctype="multipart/form-data" action="save.cgi" method="post">
Send this file: <input name="userfile" type="file" />
<input type="submit" name="submit" value="Send File" />
</form>
-------------------------------------
Then the Perl script:
#!/usr/bin/perl
# save.cgi
if ($ENV{'REQUEST_METHOD'} eq "POST") {
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
}
print "Content-Type: text/html\n\n";
open FH, "> /var/www/html/d_wiki/upload/tmp.fil";
print FH $buffer;
close FH;
print '<html></head>';
print '<script language="javascript">location =
"upload.php?file=tmp.fil;"</script>';
print '<body><h1>Redirecting to upload.php?file=tmp.fil</h1></body></html>';
You don't have to know much about Perl here. The only thing you would
want to do is find out how to construct a unique temporary file name,
for the saved file, which you would then probably delete in the PHP
script after processing with PHP.
Hope this helps.
Myron
--
_____________________
Myron Turner
http://www.room535.org
http://www.bstatzero.org
http://www.mturner.org/XML_PullParser/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
