Make WordPress Core

Opened 7 weeks ago

Last modified 4 weeks ago

#49810 reopened enhancement

Remove workaround for $HTTP_RAW_POST_DATA bug present in PHP < 5.2.2

Reported by: skoskie Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: trivial Version: trunk
Component: XML-RPC Keywords: has-patch needs-testing
Focuses: Cc:


This version of PHP is no longer officially supported, so the workaround need not be present in core.

Attachments (1)

0001-XML-RPC-Removed-workaround-for-PHP-5.2.2-bug.patch (1.0 KB) - added by skoskie 7 weeks ago.

Download all attachments as: .zip

Change History (9)

#2 @prbot
7 weeks ago

skoskie commented on PR #213:

Looks like my base branch didn't get set correctly ... Delete this PR.

This ticket was mentioned in PR #214 on WordPress/wordpress-develop by skoskie.

7 weeks ago

Removed workaround for $HTTP_RAW_POST_DATA bug present in PHP < 5.2.2, since that version is no longer supported.

Trac ticket: https://core.trac.wordpress.org/ticket/49810

#4 @prbot
7 weeks ago

ocean90 commented on PR #214:

Now the workaround is always used which is the wrong way to "fix" this. See also https://www.php.net/manual/en/reserved.variables.httprawpostdata.php

#5 @SergeyBiryukov
7 weeks ago

  • Milestone changed from Awaiting Review to 5.5
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

Hi there, welcome to WordPress Trac! Thanks for the patch.

As noted in the PHP manual, $HTTP_RAW_POST_DATA was deprecated in PHP 5.6.0, and removed as of PHP 7.0.0.

The code relying on it should be updated to always use php://input instead.

#6 @skoskie
7 weeks ago

  • Resolution set to invalid
  • Status changed from reviewing to closed

Apologies as this is my first contribution.

Since WP still supports PHP 5.6, and therefore the $HTTP_RAW_POST_DATA variable, should we not ensure it remains set for those still depending on it?

Anyway, this ticket can be closed. Thank you.

#7 @SergeyBiryukov
7 weeks ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

Thanks for the contribution, no need for apologies :)

I think this ticket is valid, and some changes should be made here, just not exactly the currently proposed patch.

#8 @desrosj
4 weeks ago

Found this searching Trac before creating my own ticket for the same issue.

While working on the currently flagged PHPCompatibility issues in #49922, this came up.

I think this one is tricky to fix. A plugin directory search yields ~1,500 instances of HTTP_RAW_POST_DATA in the directory. Any plugin or custom code that relies on this variable being available could potentially experience problems when it is removed. There's even a test within the REST API tests making sure content in that global variable is properly unslashed.

Note: See TracTickets for help on using tickets.