Re: [PHP-DEV] Possible bug in the implementation of php://input streams?

Wed, 16 Jan 2019 12:17:03 -0800 

On 2019-01-16 09:59, Rasmus Schultz wrote:

We've noticed something odd about the "php://input" stream.
If you attempt to rewind() it after reading the stream, rewind() returns 
true, and ftell() subequently returns 0.
However, attempting to read the stream again after that returns nothing.
It has so many layers of redirection that someone missed setting stream->position on one layer. 

Maybe someone would care to apply the attached patch to fix this.

--
Lauri Kenttä
From 1f64a2caf636609ac006ef6021bea0bca3c92240 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20Kentt=C3=A4?= <lauri.ken...@gmail.com>
Date: Wed, 16 Jan 2019 22:08:03 +0200
Subject: [PATCH] Fix seeking in php://input

---
 ext/standard/php_fopen_wrapper.c             |  2 +-
 tests/basic/enable_post_data_reading_07.phpt | 34 ++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 tests/basic/enable_post_data_reading_07.phpt

diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c
index d69b61da29..06d2b5f28c 100644
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@@ -128,7 +128,7 @@ static int php_stream_input_seek(php_stream *stream, zend_off_t offset, int when
 
 	if (input->body) {
 		int sought = php_stream_seek(input->body, offset, whence);
-		*newoffset = (input->body)->position;
+		*newoffset = input->position = (input->body)->position;
 		return sought;
 	}
 
diff --git a/tests/basic/enable_post_data_reading_07.phpt b/tests/basic/enable_post_data_reading_07.phpt
new file mode 100644
index 0000000000..b58e158cf8
--- /dev/null
+++ b/tests/basic/enable_post_data_reading_07.phpt
@@ -0,0 +1,34 @@
+--TEST--
+enable_post_data_reading: seeking in php://input
+--INI--
+enable_post_data_reading=1
+--POST_RAW--
+Content-Type: application/unknown
+0123456789
+--FILE--
+<?php
+echo "Test\n";
+
+$f1 = fopen("php://input", "r");
+fseek($f1, 3, SEEK_SET);
+echo fgetc($f1);
+fseek($f1, 1, SEEK_SET);
+echo fgetc($f1);
+fseek($f1, 3, SEEK_CUR);
+echo fgetc($f1);
+fseek($f1, -3, SEEK_CUR);
+echo fgetc($f1);
+fseek($f1, 3, SEEK_END);
+echo fgetc($f1);
+fseek($f1, -3, SEEK_END);
+$f2 = fopen("php://input", "r");
+fseek($f2, 1, SEEK_SET);
+echo fgetc($f1);
+echo fgetc($f2);
+?>
+
+Done
+--EXPECT--
+Test
+315371
+Done
-- 
2.20.1


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to