Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[HttpFoundation] Dots are replaced by underscores in parameter names #9009

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
remialvado opened this issue Sep 12, 2013 · 6 comments
Closed

[HttpFoundation] Dots are replaced by underscores in parameter names #9009

remialvado opened this issue Sep 12, 2013 · 6 comments
Labels
HttpFoundation

Comments

@remialvado
Copy link

I didn't know but it seems that PHP is replacing dots by underscores in parameter names in all global variables ($_GET, $_POST, ...). This bug in PHP is described on stackoverflow and on php.net.
Since the Request class uses those globals in createFromGlobals method, all values in Request::$query, Request::$attributes, ... are "wrong".

Is this a known and accepted behavior ? There is a Gist with a proposed solution. Do you think it is worth a PR or do I have to wait for @fabpot's one on RequestFactory (#8957) ?
@stof
Copy link
Member

stof commented Sep 12, 2013

As documented in the stackoverflow answer, not only dots are converted into underscores but also some other chars. The code has no way to know which char was used originally (or if it was really mean to be an underscore).

my suggestion is that you avoid using a dot in your GET and POST variables to avoid such issues

@remialvado
Copy link
Author

The proposal on Gist does not use $_GET, $_POST, ... but use parse_str to retrieve query string. This function should be called with php://input to use raw input. So, I guess it could work and allow us to have access to the correct parameters.
The question remains : do we want this kind of hack and what about BC ? I will definitely break some configurations since calls to URIs like /hello?first.name=foo won't be treated as /hello?first_name=foo anymore.

In my case, I don't really have a choice but to support dots in query string parameters so either I make this PR or I have to wait for #8957 one and override Request class even I'm really not a fan of this solution :(

@fabpot
Copy link
Member

fabpot commented Sep 12, 2013

Looks like a duplicate of #6908 (at least, both are related)

@robbertkl robbertkl mentioned this issue Feb 3, 2014
Closed
@cjunge-work
Copy link

@fabpot: both have the same problem, ie. using parse_str can cause the names to change. Guzzle has implemented a solution for this (see https://github.com/guzzle/guzzle/blob/master/src/Guzzle/Http/QueryString.php), but it's probably a bit heavy for these cases.

This also has an impact when calling a Symfony API/website with non-PHP systems that don't use [] in field names (ie. Java or .NET)

@romainneutron
Copy link
Contributor

This is not duplicate of #6908, only related.

The fix for this issue is to parse $_SERVER['QUERY_STRING'] instead of using $_GET and php://input instead of $_POST

It seems this bug applies on $_COOKIE too

@j-a-p-dev j-a-p-dev mentioned this issue Oct 4, 2014
Closed
@fabpot
Copy link
Member

fabpot commented Dec 24, 2014

Closing this one as this is just the way PHP parses HTTP requests and we won't workaround that.

@fabpot fabpot closed this as completed Dec 24, 2014
@kayue kayue mentioned this issue Jul 15, 2015
Merged
@edhelas edhelas mentioned this issue Nov 15, 2015
Closed
@teohhanhui teohhanhui mentioned this issue Mar 29, 2016
Closed
@davidjwilkins davidjwilkins mentioned this issue Feb 2, 2017
Open
@ostrolucky ostrolucky mentioned this issue Apr 23, 2018
Closed
@SDKiller SDKiller mentioned this issue Jun 22, 2019
Closed
@samsonradu samsonradu mentioned this issue Jun 9, 2020
Closed
@nicolas-grekas nicolas-grekas mentioned this issue Jun 13, 2020
Merged
fabpot added a commit that referenced this issue Jun 24, 2020
@fabpot
feature #37272 [HttpFoundation] add HeaderUtils::parseQuery(): it d…
fb123e4 
…oes the same as `parse_str()` but preserves dots in variable names (nicolas-grekas)

This PR was merged into the 5.2-dev branch.

Discussion
----------

[HttpFoundation] add `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Inspired by symfony/psr-http-message-bridge#80
/cc @drupol

Related to #9009, #29664, #26220 but also api-platform/core#509 and https://www.drupal.org/project/drupal/issues/2984272
/cc @dunglas @alexpott

Commits
-------

dd81e32 [HttpFoundation] add `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names
@sladg sladg mentioned this issue Mar 3, 2023
Merged
@carestad carestad mentioned this issue Apr 9, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
HttpFoundation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[DomCrawler] Fixed incorrect value name conversion in getPhpValues() and getPhpFiles()
5 participants
@fabpot @romainneutron @stof @remialvado @cjunge-work