php://输入<> $ _ POST? [英] php://input <> $_POST?
问题描述
当某些资源因为违反策略而无效时,Firefox会将报告发送给给定的URI以json格式。
这是一个典型的报告
数组(1){
[csp-report] =>
array(4){
[request] =>
string(71)GET http://example.com/?function=detail&id=565 HTTP / 1.1
[request-headers] =>
string(494)Host:example.com
用户代理:Mozilla / 5.0(Windows NT 5.1; rv:2.0b10pre)Gecko / 20110115 Firefox / 4.0b10pre
Accept:text / html,application / xhtml + xml,application / xml; q = 0.9,* / *; q = 0.8
Accept-Language:es-ar,en-us; q = 0.8,es; q = 0.5,en ; q = 0.3
Accept-Encoding:gzip,deflate
Accept-Charset:UTF-8,*
Keep-Alive:115
连接:keep-alive
Referer:http://example.com/index.php?function=search&query=Pata+de+cambio+
Cookie:cookie
[blocked-uri] = >
string(4)self
[违反指示] =>
string(30)内嵌脚本库限制
}
内容类型是application / json; charset = UTF-8
现在。我期望这是可以在$ _POST作为REQUEST_METHOD == POST,但后总是空的。
我可以从php://输入访问它,但问题是:为什么请求在$ _POST中不可用?
我甚至不能使用filter_input,而$ _REQUEST是空的...
$ p>
POST / some_path HTTP / 1.1
myvar = something& secondvar = somethingelse
但是你得到的不是一个有效的查询字符串。它可能看起来像这样:
$ p $
POST / some_path HTTP / 1.1
{'this': '是一个JSON对象','notice':'它不是一个有效的查询字符串'}
php:// input
在原始格式中为您提供所有内容,所以在这种情况下,我认为这是获得您想要的唯一方法。 >
I'm experimenting with Firefox's Content Security Policy. Basically it's a special header for the webpage that tells the browser which resources are valid.
When some resource is invalid because it's breaks the policy, Firefox sends a report to a given URI in json format.
This is a typical report
array(1) {
["csp-report"]=>
array(4) {
["request"]=>
string(71) "GET http://example.com/?function=detail&id=565 HTTP/1.1"
["request-headers"]=>
string(494) "Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b10pre) Gecko/20110115 Firefox/4.0b10pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,en-us;q=0.8,es;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Referer: http://example.com/index.php?function=search&query=Pata+de+cambio+
Cookie: the cookie
"
["blocked-uri"]=>
string(4) "self"
["violated-directive"]=>
string(30) "inline script base restriction"
}
}
The content type is application/json; charset=UTF-8
Now. I would expect this to be avaliable in $_POST as REQUEST_METHOD==POST but post is always empty. I can access it from php://input, but the question is: Why the request isn't avaliable in $_POST?
I can't even use filter_input and $_REQUEST is empty...
$_POST
gives you form variables, which show up in the page like this:
POST /some_path HTTP/1.1
myvar=something&secondvar=somethingelse
But what you're getting isn't a valid query string. It probably looks something like this:
POST /some_path HTTP/1.1
{'this':'is a JSON object','notice':'it\'s not a valid query string'}
php://input
gives you everything after the headers in raw form, so in this case I think it's the only way to get what you want.
这篇关于php://输入<> $ _ POST?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!