I'm debugging a PHP application where I have to POST some data to my server, and then parse it and return some values -- super simple stuff.
The data is in the format:
action=display_all_pols&donate_form=1&user_state=&state=AK&pols[LA][0][post_id]=2714&pols[LA][0][first_name]=Ralph&pols[LA][0][last_name]=Abraham &pols[LA][0][profile_image]=2762
My data size varies from something small, e.g. 187 bytes, to something larger, e.g. 46KB.
I noticed my application was failing to parse the POST correctly. The code is something like this:
function Foo() {
$state = somehow_get_state();
$bar = $_POST['pols'][$state];
// cool logic and stuff
I immediately put a die(var_dump($_POST)); inside Foo(), and noticed that only a portion of the data was actually being POSTed.
When I tested this on the command line, I noticed a difference between:
POST http://10.1.10.22/wesupportthat/wp-admin/admin-ajax.php
action=display_all_pols&donate_form=1&user_state=&state=AK&pols[LA][0][post_id]=2714&pols[LA][0][first_name]=Ralph&pols[LA][0][last_name]=Abraham &pols[LA][0][profile_image]=2762
And this (notice the line feeds);
POST http://10.1.10.22/wesupportthat/wp-admin/admin-ajax.php
action=display_all_pols&donate_form=1&user_state=&state=AK&
pols[LA][0][post_id]=2714&
pols[LA][0][first_name]=Ralph&
pols[LA][0][last_name]=Abraham&
pols[LA][0][profile_image]=2762
The former would only POST roughly 3.1KB of the data, while the later POSTs the entire thing.
Is there a reason why? I'm posting valid JSON, and for the love of me can't figure out why one works and the other doesn't.
In order to create the JSON, I'm creating a nested array, like this:
array( // root-level array
array(
'1' => 'somestring',
'2' => '...',
'3' => '...',
'4' => '...'
),
array( // same as previous),
// more arrays, potentially up to 50 total
)
and then calling json_encode($my_array, JSON_HEX_APOS); to create the JSON.
I'm hoping this is just a rubber duck moment. :-)
Edit: I'm stepping away from my computer, but the TCP captures show the same thing. Will also add my Apache/php info when I get back.
If you are using suhosin extension, and you see lines like this after your failed trials in /var/log/user.log:
suhosin[...]: ALERT - configured POST variable limit exceeded - dropped variable 'x' (attacker 'x.y.z.207', file 'some_script.php')
Then it's probably this extension which is messing your requests. you need in this case to disable or update suhosin's configuration, for example in /etc/php5/conf.d/suhosin.ini
Updating or adding these lines :
suhosin.post.max_vars = 3000
suhosin.request.max_vars = 3000
This configuration allows at most 3000 variables coming in a request.