View Issue Details

IDProjectCategoryView StatusLast Update
0006473OXID eShop (all versions)1.05. Userspublic2016-08-15 11:05
Status resolvedResolutionno change required 
Product Version4.10.1 / 5.3.1 
Target VersionFixed in Version 
Summary0006473: Empty post values from user address form will ignored in PHP 5.6
DescriptionThis problem affects empty post values. For example - if the field oxuser__oxcompany is not mandatory and you fill it out then everything is fine after submit the form. If going to change it again and remove the whole company name so that the input field is empty now then the new oxuser__oxcompany value (which is empty) will not saved.

I believe the problem affects only php since version 5.6 because of some changes on HTTP_RAW_POST_DATA. On earlier version this issue is not happen.

In the $_POST object the empty values will be ignored.
In php://input you will have also empty data.
Steps To Reproduce- Login
- Go to "my account"
- Go to "my invoice and delivery address"
- Fill out the "company"-Field or any other which is not mandatory
- Save
- Everything is fine
- Go back again to "my invoice and delivery address"
- Empty the "company"-Field or any other which is not mandatory
- The old value will be shown and the empty value is not saved
Additional InformationA very dirty workaround could be:
parse_str(file_get_contents('php://input'), $_POST);

This will parse the whole php://input with all empty value and will assigned/overwrite the $_POST object.

A better solution would be to implement the handling of php://input inside oxConfig::getRequestParameter().
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP Version5.6
Database VersionNot defined



2016-08-14 23:25

developer   ~0011734

I was wondering about this ticket, from documentation $HTTP_RAW_POST_DATA population should have no side effects on empty post values the behavior sounds more like an known Suhosin bug. So i made a testscript/form on webspace with php5.6 and the $_POST variable did also contain empty fields.

So question to the author could be a problem with some php extension like Suhosin?


2016-08-15 10:30

reporter   ~0011736

Yes suhosin extension is installed and active. I found out that the following settings had resolved my issue.

This settings allows the handling of the null bytes of empty post values. Maybe this should be documented somewhere?


2016-08-15 10:47

developer   ~0011737

Updating suhosin may also help if that is an option.
I do not think oxid should documented it because it is something that is a bug in an other software component. But as we have this bug ticket - it is now somehow documented :-)