Bug 82967 - POST body corruption in some configurations
Summary: POST body corruption in some configurations
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: php
Version: 8.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard:
: 76559 77500 85386 85406 97430 97647 113369 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-29 02:43 UTC by Frank Wyton
Modified: 2007-04-18 16:50 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-07-03 11:44:45 UTC
Embargoed:


Attachments (Terms of Use)
Send.php as requested (260 bytes, text/plain)
2003-01-29 23:07 UTC, Frank Wyton
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:204 0 normal SHIPPED_LIVE : Updated PHP packages are now available 2003-07-02 04:00:00 UTC

Description Frank Wyton 2003-01-29 02:43:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 
1.0.3705)

Description of problem:
The following code results in a corrupted upload...

<form action="send.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
Attachment<input type="file" name="attachment" size="20"><br>

<input type="submit" value="send">
</form>



The corrupted file is approximately twice the size of the original.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Comment 1 Joe Orton 2003-01-29 10:06:05 UTC
Please attach send.php too. How big was the file you tried to upload?  

Comment 2 Frank Wyton 2003-01-29 23:07:15 UTC
Created attachment 89706 [details]
Send.php as requested

This copies the uploaded file to the original filename in the tmp directory.

This works fine on apache 1.3.23-4 running on RH8 but does not work with Apache
2.0.40.

If the file is greater than about 2K then parts of the original are repeated in
the upload data, resulting in a corrupted file about twice the size.

Comment 3 Joe Orton 2003-02-03 10:54:19 UTC
I can't reproduce any problems using Mozilla to upload a selection of files
using that script.  What browser are you using?

Comment 4 Frank Wyton 2003-02-03 23:04:07 UTC
The behaviour occurs with both mozilla-1.2 and I.E. 6.


Some other accounts of the problem can be found at:
http://codewalkers.com/archives/phphelp/123.html
http://www.phpbuilder.com/board/showthread.php?threadid=10224131

We asked Derek if he had found a solution, and he said that he had to revert to 
apache 1.x series.

I can't seem to find the source at the moment, but I read that it appears to be 
a problem with mod_php on the apache 2.X series, as the same version of php 
works fine with the 1.X series.


Thanks for your help,
Frank Wyton,
WyWare



Comment 5 Joe Orton 2003-02-04 15:41:42 UTC
Can you get a network trace of the form upload? (e.g. using ethereal or tcpdump)
I can't reproduce this with Mozilla 1.2.1 either.

Comment 6 Frank Wyton 2003-02-10 01:50:06 UTC
Hi,

It seems to work fine with the recently released php errata packages.

thanks for your help.

Frank Wyton,
WyWare

Comment 7 Joe Orton 2003-02-13 09:37:34 UTC
OK, that's weird, but good.

Comment 8 Apiset Tananchai 2003-02-20 16:13:36 UTC
Please see the thread at http://bugs.php.net/bug.php?id=18648 the problem is (as
described by moriyoshi) because /etc/httpd/conf.d/php.conf has 2 filters

<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    LimitRequestBody 524288
</Files>

replace above lines with

AddType application/x-httpd-php .php

solve the problem for me 

Comment 9 Joe Orton 2003-02-20 16:23:18 UTC
Did you already have a similar AddType directive in httpd.conf? Can you attach a
 /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/php.conf which let you
reproduce the bug?

Comment 10 Apiset Tananchai 2003-02-20 16:42:23 UTC
Oh...Yes, I already have similar AddType in /etc/httpd/conf/httpd.conf (from   
rpm, unmodified) So I just try removing  
  
AddType application/x-httpd-php .php  
  
that I added to /etc/httpd/conf.d/php.conf and it also work. My php.conf  
content is below  
 
# 
# PHP is an HTML-embedded scripting language which attempts to make it 
# easy for developers to write dynamically generated webpages. 
# 
 
LoadModule php4_module modules/libphp4.so 
 
# 
# Cause the PHP interpreter handle files with a .php extension. 
# 
#<Files *.php> 
#    SetOutputFilter PHP 
#    SetInputFilter PHP 
#    LimitRequestBody 524288 
#</Files> 
#AddType application/x-httpd-php .php 
 
# 
# Add index.php to the list of files that will be served as directory 
# indexes. 
# 
DirectoryIndex index.php 

Comment 11 Joe Orton 2003-02-20 16:49:35 UTC
The default 8.0 httpd.conf does not contain an AddType for PHP - have you
upgraded from 7.x maybe?

We should be able to cope better with this config problem.

Comment 12 Apiset Tananchai 2003-02-20 17:36:40 UTC
No, not an upgrade from and oops...yes, I have modified     /etc/httpd/conf/httpd.conf to add that AddType for php a couple of weeks ago..    to test php-4.3, sorry.        So the solution for this problem should be removing the lines from  <Files *.php>  to  </Files>  and use  AddType application/x-httpd-php .php instead? 

Comment 13 Joe Orton 2003-02-20 17:40:58 UTC
Use either the AddType *or* the original <Files *.php> section in php, just
don't use both, as the PHP bug explains.  (They are pretty much equivalent)

Comment 14 Joe Orton 2003-06-19 10:36:27 UTC
The workaround for this bug is going to be included in a forthcoming PHP erratum.

Comment 15 Joe Orton 2003-06-19 10:39:04 UTC
*** Bug 85406 has been marked as a duplicate of this bug. ***

Comment 16 Joe Orton 2003-06-19 10:41:53 UTC
*** Bug 85386 has been marked as a duplicate of this bug. ***

Comment 17 Joe Orton 2003-06-19 14:13:38 UTC
Apologies for the noise while I tweak the Summary again.

Comment 18 Joe Orton 2003-06-26 14:57:04 UTC
*** Bug 97430 has been marked as a duplicate of this bug. ***

Comment 19 Joe Orton 2003-07-03 11:44:45 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-204.html


Comment 20 Joe Orton 2003-07-03 11:51:39 UTC
*** Bug 97647 has been marked as a duplicate of this bug. ***

Comment 21 Joe Orton 2003-07-08 15:39:10 UTC
*** Bug 76559 has been marked as a duplicate of this bug. ***

Comment 22 Joe Orton 2003-08-26 14:53:37 UTC
*** Bug 77500 has been marked as a duplicate of this bug. ***

Comment 25 Robert Scheck 2004-01-13 15:27:47 UTC
*** Bug 113369 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.