A stupid question but I am a little confused. I use pubsubhubbub and check for a new information with if(isset($_HTTP_RAW_POST_DATA)). I check if user is logged with:
if(isset($_SESSION['user'])) {
//logged
}
Can a user send a HTTP_RAW_POST_DATA?
So, basically anyone who sends an HTTP POST request to your callback will actually send a $HTTP_RAW_POST_DATA. Many languages and framework have libraries to parse this into HTTP POST params. In the context of PubSubHubbub, the body is NOT made of params, so you have to use the lower level $HTTP_RAW_POST_DATA, as parsing the XML as params would not make any sense.
If you're trying to secure your callback URL, there are multiples ways to do it:
The raw post data is the data that is used to extract the POST parameters that can be accessed by $_POST. An user can also post un-parametarized data with post, yes.
A user will always send raw POST data to your scripts. PHP will then parse it and populate $_POST. When POSTing from a form, $_POST is equivalent to:
parse_str($HTTP_RAW_POST_DATA, $data);
var_dump($_POST);
var_dump($data); // yields the same as $_POST
However, if you really want to fetch the raw POST data, the preferred way is:
$rawPost = file_get_contents('php://input');
... because $HTTP_RAW_POST_DATA relies on the always_populate_raw_post_data INI setting, and also because it won't work with multipart/form-data content type.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.