doulong4169 2016-04-15 07:59
浏览 251
已采纳

通过php://输入原始POST,内容类型为multipart / form-data的表单无法正常工作

We have a proxy PHP script and access POST form data via

$postPayload = file_get_contents('php://input');

which usually works.

(The reason to not use $_POST is that we sometimes have duplicate form input names which PHP suppresses)

Now we have a form with

<form name="form" method="post" 
   action="/script.php" enctype="multipart/form-data">

In this case file_get_contents('php://input'); returns an empty string.

It can be reproduced with

curl 'http://localhost/script.php' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://localhost/script.php?commandCode=NO_AUTH_REGIST_OPEN_USER&amp;lang=de' -H 'Origin: http://misumi-europe.com.orange.imi.local' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36' -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryk3IVneARm3kqJ0fs' --data-binary $'------WebKitFormBoundaryk3IVneARm3kqJ0fs
Content-Disposition: form-data; name="commandCode"

NO_AUTH_NEXT
------WebKitFormBoundaryk3IVneARm3kqJ0fs
' --compressed

How can I access the RAW POST data in this case?

  • 写回答

2条回答 默认 最新

  • doushuichong2589 2016-04-15 08:12
    关注

    multipart/form-data is not send to php://input, only to $_POST.

    In php.ini you can set enable-post-data-reading=off to change this but $_POST will always be empty. See http://php.net/manual/en/ini.core.php#ini.enable-post-data-reading

    You might set it for single pages using .htaccess

    php_value  enable-post-data-reading off

    There is also an apache hack:

    <Location "/backend/XXX.php">
    SetEnvIf Content-Type ^(multipart/form-data)(.*) NEW_CONTENT_TYPE=multipart/form-data-alternate$2 OLD_CONTENT_TYPE=$1$2
    RequestHeader set Content-Type %{NEW_CONTENT_TYPE}e env=NEW_CONTENT_TYPE
</Location>

    See also: Get raw post data

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 用twincat控制!
  • ¥15 请问一下这个运行结果是怎么来的
  • ¥15 单通道放大电路的工作原理
  • ¥30 YOLO检测微调结果p为1
  • ¥20 求快手直播间榜单匿名采集ID用户名简单能学会的
  • ¥15 DS18B20内部ADC模数转换器
  • ¥15 做个有关计算的小程序
  • ¥15 如何用MATLAB实现以下三个公式(有相互嵌套)
  • ¥30 关于#算法#的问题:运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题 求各位帮我解答一下
  • ¥15 setInterval 页面闪烁,怎么解决