PHP: Dot-to-underscore conversion in query args.

Dave Dash dd at davedash.com
Fri Mar 30 15:58:45 PST 2007 

Here you go Jonathan:

<?php
var_dump($_POST);
$data = file_get_contents('php://input');
var_dump($data);

?>
<form method="POST" action="">
<input name="th.is" type="text" />
</form>

I made a little test harness, the $data will get you your POST query string.

On 3/30/07, Jonathan Daugherty <cygnus at janrain.com> wrote:
>
> Hi all,
>
> As some of you are probably aware, PHP converts "external variables"
> (i.e., web request keys) so that their names are "valid variable
> names."  For example,
>
>   http://.../my.php?foo.bar=baz
>
> yields $_GET['foo_bar'] == 'baz'.  If you have register_globals turned
> on, that kinda makes sense.  (Except register_globals is off by
> default, starting with PHP 4.2.0.  And nobody uses it.)
>
> However, according to
>
>   http://us2.php.net/variables.external
>
> the dot-to-underscore conversion still applies in all cases.  In
> particular, anything from $_GET, $_POST, or $_COOKIE will be
> converted, and the result of parse_str() undergoes the same
> transformation.
>
> In OpenID 1, this was not so hard to avoid; the Auth_OpenID::fixArgs()
> static method replaces only the underscores it knows ought to be dots,
> and library users are told to call this method on query arrays before
> passing them into the OpenID library.  In OpenID 2, that
> implementation will not work and will not scale to accommodate the
> presence of arbitrary extensions.
>
> I've asked ##php (freenode.net) about this and the consensus was that
> there is no way to prevent PHP from doing this.
>
> In the case of a GET request, one can look directly at
> $_SERVER['QUERY_STRING'] instead of using $_GET.  I know of no such
> workaround for POST requests.
>
> Does anyone here know of a way to avoid this, either by changing a
> runtime setting or implementing a workaround?  Any help would be
> appreciated.  We need to find a solution to this problem before we can
> release a PHP OpenID 2 implementation and this is one of only a few
> things holding it back.
>
> Thanks,
>
> --
>   Jonathan Daugherty
>   JanRain, Inc.
>   irc.freenode.net: cygnus in #openid
>   cygnus.myopenid.com
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev
>



-- 
Dave Dash
612.670.0621
Discover your favorite restaurant: reviewsby.us
gtalk: dave.dash
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openidenabled.com/pipermail/dev/attachments/20070330/a72c2919/attachment.htm

More information about the Dev mailing list