[En-Nut-Discussion] httpd and forms: New method for POST evaluation
Bernard Fouché
bernard.fouche at kuantic.com
Tue Sep 6 12:53:00 CEST 2005
Ole Reinhardt wrote:
>Hi all,
>
>as it was requested quite often, I added a new method to httpd.c
>
>void NutHttpProcessPostQuery(FILE *stream, REQUEST * req);
>
>
>
Hi.
A few comments about that method:
- it uses fread() and fread() returns zero if EOF is reached (and this
value is not tested anyway)
so if a malformated POST query comes in, it may hangs the thread (for
instance with Content-length=832938
and no data afterwards). I know, I made a mistake in my php client and I
saw the result ;-) Fgetc() is much
better.
- Since POST is used, this method can not decide what are names and
values in the data chunk sent
by the client: it's up to the server application and client to know what
is carried that way and how to use
it. POST is often used to send/receive XML and trying to locate things
like '?', '&' or '=' in a XML
string will mess everything. (XML starts with "<?xml...")
Bernard
More information about the En-Nut-Discussion
mailing list