Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51162

HTTP_RAW_POST_DATA is deprecated and still in use

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.8.7, 2.9
    • Fix Version/s: 3.0
    • Component/s: Authentication, MNet
    • Labels:
    • Testing Instructions:
      Hide
      1. Search for usages of the variables:

        $_GLOBALS["HTTP_RAW_POST_DATA"]
        $HTTP_RAW_POST_DATA
        

        Make sure the only usage is on Zend library and TinyMCE.

      2. Execute tests on the following areas:
        • Shibboleth - Login and logout.
        • MNet - Setup and test it using SSL.

      Make sure it still works as expected

      Show
      Search for usages of the variables: $_GLOBALS["HTTP_RAW_POST_DATA"] $HTTP_RAW_POST_DATA Make sure the only usage is on Zend library and TinyMCE . Execute tests on the following areas: Shibboleth - Login and logout. MNet - Setup and test it using SSL. Make sure it still works as expected
    • Affected Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51162-master

      Description

      Seen in my apache error logs when looking at a registration issue.

      [Thu Aug 20 12:38:55.408912 2015] [:error] [pid 28591] [client ::1:58079] PHP Deprecated:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
      

      Found in:

      1. shibboleth
      2. tinymce
      3. mnet

      2062 sm:MDL-33365-master-2> gg HTTP_RAW_POST_DATA
      auth/shibboleth/logout.php:} else if (!empty($HTTP_RAW_POST_DATA)) {
      lib/editor/tinymce/plugins/spellchecker/rpc.php:if (!$raw && isset($_GLOBALS) && isset($_GLOBALS["HTTP_RAW_POST_DATA"]))
      lib/editor/tinymce/plugins/spellchecker/rpc.php:        $raw = $_GLOBALS["HTTP_RAW_POST_DATA"];
      lib/editor/tinymce/plugins/spellchecker/rpc.php:if (!$raw && isset($HTTP_RAW_POST_DATA))
      lib/editor/tinymce/plugins/spellchecker/rpc.php:        $raw = $HTTP_RAW_POST_DATA;
      lib/zend/Zend/Amf/Request/Http.php:        // intensive alternative to $HTTP_RAW_POST_DATA and does not need any
      mnet/xmlrpc/server.php:// PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug:
      mnet/xmlrpc/server.php:if (empty($HTTP_RAW_POST_DATA)) {
      mnet/xmlrpc/server.php:    $HTTP_RAW_POST_DATA = file_get_contents('php://input');
      mnet/xmlrpc/server.php:mnet_debug("HTTP_RAW_POST_DATA", 2);
      mnet/xmlrpc/server.php:mnet_debug($HTTP_RAW_POST_DATA, 2);
      mnet/xmlrpc/server.php:    $plaintextmessage = mnet_server_strip_encryption($HTTP_RAW_POST_DATA);
      mnet/xmlrpc/serverlib.php: * @param string $HTTP_RAW_POST_DATA The XML that the client sent
      mnet/xmlrpc/serverlib.php:function mnet_server_strip_encryption($HTTP_RAW_POST_DATA) {
      mnet/xmlrpc/serverlib.php:    $crypt_parser->parse($HTTP_RAW_POST_DATA);
      mnet/xmlrpc/serverlib.php:        return $HTTP_RAW_POST_DATA;
      

      Note: I think that the appearance in zend is a red herring as it is only a comment. I haven't worked out why I have seen this when looking at registration yet.

      This feature will be removed in PHP 7.0: http://php.net/manual/en/reserved.variables.httprawpostdata.php

      Some users are experiencing the HTTP_RAW_POST_DATA related errors:

      Request for http://glux/mdk/mnet29b returned empty response
       
          line 134 of /mnet/lib.php: call to debugging()
          line 115 of /admin/mnet/peers.php: call to mnet_get_public_key()
      

      If you are experiencing the error above, please add the setting always_populate_raw_post_data = -1 to your php.ini.
      For more information see: https://docs.moodle.org/29/en/PHP#HTTP_RAW_POST_DATA_errors

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  16/Nov/15