View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006473 | OXID eShop (all versions) | 1.05. Users | public | 2016-08-11 14:58 | 2016-08-15 11:05 |
| Reporter | christopher_gross | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | no change required | ||
| Product Version | 4.10.1 / 5.3.1 | ||||
| Summary | 0006473: Empty post values from user address form will ignored in PHP 5.6 | ||||
| Description | This problem affects empty post values. For example - if the field oxuser__oxcompany is not mandatory and you fill it out then everything is fine after submit the form. If going to change it again and remove the whole company name so that the input field is empty now then the new oxuser__oxcompany value (which is empty) will not saved. I believe the problem affects only php since version 5.6 because of some changes on HTTP_RAW_POST_DATA. On earlier version this issue is not happen. In the $_POST object the empty values will be ignored. In php://input you will have also empty data. | ||||
| Steps To Reproduce | - Login - Go to "my account" - Go to "my invoice and delivery address" - Fill out the "company"-Field or any other which is not mandatory - Save - Everything is fine - Go back again to "my invoice and delivery address" - Empty the "company"-Field or any other which is not mandatory - The old value will be shown and the empty value is not saved | ||||
| Additional Information | A very dirty workaround could be: parse_str(file_get_contents('php://input'), $_POST); This will parse the whole php://input with all empty value and will assigned/overwrite the $_POST object. A better solution would be to implement the handling of php://input inside oxConfig::getRequestParameter(). | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | 5.6 | ||||
| Database Version | Not defined | ||||
|
|
I was wondering about this ticket, from documentation $HTTP_RAW_POST_DATA population should have no side effects on empty post values the behavior sounds more like an known Suhosin bug. So i made a testscript/form on webspace with php5.6 and the $_POST variable did also contain empty fields. So question to the author could be a problem with some php extension like Suhosin? |
|
|
Yes suhosin extension is installed and active. I found out that the following settings had resolved my issue. suhosin.post.disallow_nul=0 suhosin.request.disallow_nul=0 This settings allows the handling of the null bytes of empty post values. Maybe this should be documented somewhere? |
|
|
Updating suhosin may also help if that is an option. I do not think oxid should documented it because it is something that is a bug in an other software component. But as we have this bug ticket - it is now somehow documented :-) |
