[2010-10-27 11:25 UTC] gm at tlink dot de

Description:
------------
Setting php.ini option post_max_size=0 (for unlimited POSTs since 5.3.2) isn't honoured in some cases. Doing a POST-form upload via curl or browser with a 5GB file works as expected (by setting upload_max_filesize=0 too) but using a login form (see below) results in this error:

PHP Warning: Unknown: POST Content-Length of 38 bytes exceeds the limit of 0 bytes in Unknown on line 0

It seems that main/SAPI.c lacks checks in SAPI_POST_READER_FUNC() for ignoring size checking in case post_max_size==0. This check was implemented in main/rfc1867.c only.

from: if (SG(request_info).content_length > S (post_max_size))
to: if (SG(post_max_size) > 0 && SG(request_info).content_length > S (post_max_size))

and

from: if (SG(read_post_bytes) > SG(post_max_size))
to: if (SG(post_max_size) > 0 && SG(read_post_bytes) > SG(post_max_size))

Sorry for not attaching a diff yet.

Gregor

Test script:
---------------
Loginform:

<html><body>
<form enctype="application/x-www-form-urlencoded" accept-charset="UTF-8" action="/login.php" method="post">
    	<input type="text" name="email" value="foo"  />
    	<input type="password" name="password" value="bar"  />
    	<input type="submit" name="submit" value="Log on"  />
</form>
</body></html>

pointing to this login.php:

<?php
echo "Loginname: ".$_POST['email'] .'<br>';
echo "Password: ".$_POST['password'];
?>



Expected result:
----------------
Loginname: foo
Password: bar

Actual result:
--------------
Loginname:
Password:

 [2010-10-27 16:57 UTC] cataphract@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.