[En-Nut-Discussion] httpd and forms: New method for POST evaluation

Ole Reinhardt ole.reinhardt at kernelconcepts.de
Tue Sep 6 13:58:05 CEST 2005


Hi,

> A few comments about that method:

These are always wellcome!

> - it uses fread() and fread() returns zero if EOF is reached (and this 
> value is not tested anyway)

Can EOF be reached at all? As it is a stream communication there won't
be a EOF, right? All other parts of httpd also use fread, dont't they?

So what do you suggest? Better use fgetc? I have decided agains this
approach as it is less overhead. Any better idea? I could also change
this to use fgetc.

> so if a malformated POST query comes in, it may hangs the thread (for 
> instance with Content-length=832938
> and no data afterwards). I know, I made a mistake in my php client and I 
> saw the result ;-) Fgetc() is much
> better.

Right... One could include a timeout, but therefor we would need
something like a poll or select function.

> - Since POST is used, this method can not decide what are names and 
> values in the data chunk sent
> by the client: it's up to the server application and client to know what 
> is carried that way and how to use
> it. 

You'r right. Of course you may only use this function in a place where
you can be shure that the received data is not malformed. That's why mus
call this function from within your cgi and it is not mandatory as the
parameter evlaution using the GET method is.

This is a quick and dirty method to obtain form values and only shall be
used for this. So I think the chance to get invalid request is quite
negligible. 

For shure making the function more stable is prefarable.

Any ideas how to change / enhance this function?

Best regards,

Ole Reinhardt

-- 
kernel concepts    Tel: +49-271-771091-14
Dreisbachstr. 24   Fax: +49-271-771091-19
D-57250 Netphen    E+ : +49-177-7420433
--





More information about the En-Nut-Discussion mailing list