As a solution, I have enabled this flag in a single directory by placing "php_flag always_populate_raw_post_data On" in my .htaccess file. I have also written a small script that can be easily included to parse the data in $HTTP_RAW_POST_DATA into an array I'm calling $_FORM. Below is the code:
Code: Select all
if(isset($HTTP_RAW_POST_DATA))
{
$pairs = explode("&", $HTTP_RAW_POST_DATA); // break the query string up into name=value pairs
$_FORM = array();
foreach($pairs as $pair)
{
$pair = explode("=", $pair); $varname = $pair[0]; $value = urldecode($pair[1]); // split this pair and decode value
if(!array_key_exists($varname, $_FORM)) // if this variable is not yet represented in the $_FORM array...
$_FORM[$varname] = $value; // add it
else
if(is_array($_FORM[$varname])) // if this variables has already been turned into an array within $_FORM...
array_push($_FORM[$varname], $value); // just add this value to the array
else
$_FORM[$varname] = array($_FORM[$varname], $value); // turn this variable into an array, preserving the pre-existing value
}
foreach($_FORM as $varname => $value) // turn arrays into lists, for conformity
if(is_array($value)) $_FORM[$varname] = implode(",", $value);
}I'd like to know if anyone is aware of any potential security problems posed either by enabling always_populate_raw_post_data or by using my script to parse the raw post data. Thanks very much.