doulong4169 2016-04-15 07:59
浏览 251
已采纳

通过php://输入原始POST,内容类型为multipart / form-data的表单无法正常工作

We have a proxy PHP script and access POST form data via

$postPayload = file_get_contents('php://input');

which usually works.

(The reason to not use $_POST is that we sometimes have duplicate form input names which PHP suppresses)

Now we have a form with

<form name="form" method="post" 
   action="/script.php" enctype="multipart/form-data">

In this case file_get_contents('php://input'); returns an empty string.

It can be reproduced with

curl 'http://localhost/script.php' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://localhost/script.php?commandCode=NO_AUTH_REGIST_OPEN_USER&amp;lang=de' -H 'Origin: http://misumi-europe.com.orange.imi.local' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36' -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryk3IVneARm3kqJ0fs' --data-binary $'------WebKitFormBoundaryk3IVneARm3kqJ0fs
Content-Disposition: form-data; name="commandCode"

NO_AUTH_NEXT
------WebKitFormBoundaryk3IVneARm3kqJ0fs
' --compressed

How can I access the RAW POST data in this case?

  • 写回答

2条回答 默认 最新

  • doushuichong2589 2016-04-15 08:12
    关注

    multipart/form-data is not send to php://input, only to $_POST.

    In php.ini you can set enable-post-data-reading=off to change this but $_POST will always be empty. See http://php.net/manual/en/ini.core.php#ini.enable-post-data-reading

    You might set it for single pages using .htaccess

    php_value  enable-post-data-reading off

    There is also an apache hack:

    <Location "/backend/XXX.php">
    SetEnvIf Content-Type ^(multipart/form-data)(.*) NEW_CONTENT_TYPE=multipart/form-data-alternate$2 OLD_CONTENT_TYPE=$1$2
    RequestHeader set Content-Type %{NEW_CONTENT_TYPE}e env=NEW_CONTENT_TYPE
</Location>

    See also: Get raw post data

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值