堆栈内存溢出
  简体   繁体   English

用户可以将HTTP_RAW_POST_DATA发送到我的网站吗?

[英]Can user send HTTP_RAW_POST_DATA to my site?

 原文  2010-11-12 12:44:29       php

问题描述

A stupid question but I am a little confused. 一个愚蠢的问题,但我有些困惑。 I use pubsubhubbub and check for a new information with if(isset($_HTTP_RAW_POST_DATA)). 我使用pubsubhubbub并使用if(isset($ _ HTTP_RAW_POST_DATA))检查新信息。 I check if user is logged with: 我检查用户是否登录了: 

if(isset($_SESSION['user'])) {
 //logged
}

Can a user send a HTTP_RAW_POST_DATA? 用户可以发送HTTP_RAW_POST_DATA吗?

3 个解决方案

解决方案1
 2 已采纳  2010-11-12 17:19:26

So, basically anyone who sends an HTTP POST request to your callback will actually send a $HTTP_RAW_POST_DATA. 因此,基本上任何向您的回调发送HTTP POST请求的人实际上都会发送$ HTTP_RAW_POST_DATA。 Many languages and framework have libraries to parse this into HTTP POST params. 许多语言和框架都有库可以将其解析为HTTP POST参数。 In the context of PubSubHubbub, the body is NOT made of params, so you have to use the lower level $HTTP_RAW_POST_DATA, as parsing the XML as params would not make any sense. 在PubSubHubbub的上下文中,主体不是由params组成的,所以您必须使用较低级别的$ HTTP_RAW_POST_DATA,因为将XML解析为params毫无意义。

If you're trying to secure your callback URL, there are multiples ways to do it: 如果您尝试保护回调URL,可以采用多种方法:

  • Make your callback URLs unique and un-guessable : for example, use a unique internal identifier in the URLs for each feed to which you subscribed. 使您的回调URL唯一且不可混淆:例如,对于您订阅的每个供稿,在URL中使用唯一的内部标识符。
  • Subscribe using http* s *, and by providing a hub.secret. 使用http * s *并通过提供hub.secret进行订阅。 This secret will then be used by the hub to compute a unique signature for each notification. 然后,中心将使用此机密为每个通知计算唯一的签名。 You have to make sure this signature matches the content that you get. 您必须确保此签名与您获得的内容匹配。 Read more about this here . 在此处阅读有关此内容的更多信息

解决方案2
 1  2010-11-12 12:47:05

The raw post data is the data that is used to extract the POST parameters that can be accessed by $_POST. 原始发布数据是用于提取$ _POST可以访问的POST参数的数据。 An user can also post un-parametarized data with post, yes. 用户还可以使用post(是)发布未参数化的数据。

解决方案3
 0  2010-11-12 13:05:39

A user will always send raw POST data to your scripts. 用户将始终将原始POST数据发送到您的脚本。 PHP will then parse it and populate $_POST. 然后,PHP将对其进行解析并填充$ _POST。 When POSTing from a form, $_POST is equivalent to: 从表单发布时,$ _ POST等效于: 

parse_str($HTTP_RAW_POST_DATA, $data);
var_dump($_POST);
var_dump($data); // yields the same as $_POST

However, if you really want to fetch the raw POST data, the preferred way is: 但是,如果您确实要获取原始POST数据,则首选方法是: 

$rawPost = file_get_contents('php://input');

... because $HTTP_RAW_POST_DATA relies on the always_populate_raw_post_data INI setting, and also because it won't work with multipart/form-data content type. ...因为$ HTTP_RAW_POST_DATA依赖always_populate_raw_post_data INI设置,也因为它不适用于multipart / form-data内容类型。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 未定义的变量:HTTP_RAW_POST_DATA - Undefined variable: HTTP_RAW_POST_DATA HTTP_RAW_POST_DATA的安全问题 - Security Issues with HTTP_RAW_POST_DATA 在HTTP_RAW_POST_DATA上进行输入验证 - input validation on HTTP_RAW_POST_DATA $ HTTP_RAW_POST_DATA的用法 - Usage of $HTTP_RAW_POST_DATA 如何让Jquery发送POST数据来填充PHP中的$ HTTP_RAW_POST_DATA var? - how to get Jquery to send POST data to populate $HTTP_RAW_POST_DATA var in PHP? 我可以将表格JSON数据发布到HTTP_RAW_POST_DATA吗 - Can I post with a form JSON data to HTTP_RAW_POST_DATA $ GLOBALS ['HTTP_RAW_POST_DATA'] POST文件名 - $GLOBALS['HTTP_RAW_POST_DATA'] POST File Name $ HTTP_RAW_POST_DATA错误-未发布数据 - $HTTP_RAW_POST_DATA Error - Not posting data 如何正确使用HTTP_RAW_POST_DATA - How to use HTTP_RAW_POST_DATA properly 用什么替换 php 7 中的 $GLOBALS['HTTP_RAW_POST_DATA']? - What to replace $GLOBALS['HTTP_RAW_POST_DATA'] in php 7?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM