cherokee could accept empty POST

benluteijn / cherokee

Automatically exported from code.google.com/p/cherokee

0 stars 1 forks source link

cherokee could accept empty POST #260

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. POST with no key/value pairs

What is the expected output? What do you see instead?
expected output: whatever the target script does
see instead: HTTP Error 411: Content-Length required (but Content-Length
looks set)

I'm not sure if this is completely legal according to the spec, but apache
accepts it as such

Original issue reported on code.google.com by johnnyop...@gmail.com on 3 Dec 2008 at 6:22

GoogleCodeExporter commented 9 years ago

Original comment by alobbs on 3 Dec 2008 at 7:11

Changed state: Accepted
Added labels: OpSys-All, Priority-Medium, Type-Defect

GoogleCodeExporter commented 9 years ago

I have just realized that there is a QA test covering that case (it successes):

  http://svn.cherokee-project.com/browser/cherokee/trunk/qa/030-Post%2Burlencoded.py

Johnny, how did you get it to fail? I cannot reproduce the issue.

Original comment by alobbs on 5 Dec 2008 at 9:46

GoogleCodeExporter commented 9 years ago

I have just added another QA test to check whether empty POSTs works with PHP 
(FastCGI). They do:

  http://svn.cherokee-project.com/browser/cherokee/trunk/qa/194-PHP-zero-len-post.py

Johnny, I'm gonna need a little help to reproduce this one. Everything works at 
my end. ':-)

Original comment by alobbs on 5 Dec 2008 at 11:08

GoogleCodeExporter commented 9 years ago

perhaps the issue only happens through a redirection

$(document).ready(function(){
    window.setInterval(
        function(){
            $.post('$ajaxurl',{ foo: "bar"});
        },
        1000 * 60 * 5 // 5 minutes
    );
});

where ajax url is http://localmomentum.net/admin/keep_login

which is handled by redirection on Default ruleset with internal redirection 
handler 

^.*$ -> /index.php

Original comment by johnnyop...@gmail.com on 5 Dec 2008 at 7:55

GoogleCodeExporter commented 9 years ago

Tested with redirections and works at my end too... :-?

Original comment by skar...@gmail.com on 14 Jan 2009 at 7:03

Attachments:

196-PHP-zero-len-post+Redir.py

GoogleCodeExporter commented 9 years ago

Skarcha, I'd rather use this QA test file (find it attached).
It seems that the issue is that POST information is lost when an internal 
redirection is performed.

The test successes. I wonder whether this bug is still a real issue.
Johnny, could you please confirm it?

Original comment by alobbs on 15 Jan 2009 at 7:53

Attachments:

196-PHP-zero-len-post+Redir.py

GoogleCodeExporter commented 9 years ago

Johnny, we need some feedback on this issue..

Original comment by alobbs on 2 Mar 2009 at 4:12

GoogleCodeExporter commented 9 years ago

maybe this one had to do with the ignored Location Header Bug I reported last 
month
where some additional headers were missing...?

Original comment by michael....@gmail.com on 24 Jun 2009 at 7:32

GoogleCodeExporter commented 9 years ago

I'm closing this bug: The QA test is in place, and the behavior is alright now 
(and besides, the bug has been 
inactive for more than 6 months).

Original comment by alobbs on 2 Nov 2009 at 6:50

Changed state: Fixed