Clever Geek Handbook

POST without line feed doesn't work, but does the line work?

I am debugging a PHP application where I need to send some data to my server and then parse it and return some values ​​- super simple stuff.

The data is in the format:

action=display_all_pols&donate_form=1&user_state=&state=AK&pols[LA][0][post_id]=2714&pols[LA][0][first_name]=Ralph&pols[LA][0][last_name]=Abraham &pols[LA][0][profile_image]=2762

The size of my data depends on the small size for example. 187 bytes, something larger, for example. 46KB.

I noticed that my application was not parsing POST correctly. The code looks something like this:

function Foo() {
    $state = somehow_get_state();
    $bar = $_POST['pols'][$state];
    // cool logic and stuff

I immediately put it die(var_dump($_POST));

inside Foo()

and noticed that only a portion of the data was actually POSTED.

When I checked this on the command line, I noticed a difference between:

POST http://10.1.10.22/wesupportthat/wp-admin/admin-ajax.php
action=display_all_pols&donate_form=1&user_state=&state=AK&pols[LA][0][post_id]=2714&pols[LA][0][first_name]=Ralph&pols[LA][0][last_name]=Abraham &pols[LA][0][profile_image]=2762

And this (note the row feeds);

POST http://10.1.10.22/wesupportthat/wp-admin/admin-ajax.php
action=display_all_pols&donate_form=1&user_state=&state=AK&
pols[LA][0][post_id]=2714&
pols[LA][0][first_name]=Ralph&
pols[LA][0][last_name]=Abraham&
pols[LA][0][profile_image]=2762

The former will only POST roughly 3.1KB of data, while the later POSTs will do everything.

Is there a reason? I am posting valid JSON and for me love can't figure out why one works and the other doesn't.

To create JSON, I create a nested array like:

array( // root-level array
    array(
        '1' => 'somestring',
        '2' => '...',
        '3' => '...',
        '4' => '...'
    ),
    array( // same as previous),
    // more arrays, potentially up to 50 total
)

and then a call json_encode($my_array, JSON_HEX_APOS);

to create the JSON.

I hope this is just a rubber duck moment. :-)

Edit: I'm walking away from my computer, but the TCP captures are showing the same thing. Also I will add my Apache / php information when I return.

+3


source to share


1 answer


If you are using the suhosin extension and you see lines like this after failing tests in /var/log/user.log:

suhosin[...]: ALERT - configured POST variable limit exceeded - dropped variable 'x' (attacker 'x.y.z.207', file 'some_script.php')

Then this is probably the extension that is messing with your requests. you need in this case to disable or update the suhosin configuration, for example, in / etc / php 5 / conf.d / suhosin.ini



Updating or adding these lines:

suhosin.post.max_vars = 3000
suhosin.request.max_vars = 3000

This configuration allows a maximum of 3000 variables included in the request.

0


source






More articles:


All Articles