On 2014-06-19, 6:23 PM, Brian Wolff wrote:
On 6/19/14, Gergo Tisza gtisza@wikimedia.org wrote:
On Thu, Jun 19, 2014 at 6:27 AM, Bartosz DziewoĆski matma.rex@gmail.com wrote:
I'm reasonably sure that the HTTP and HTTPS protocols are smart enough to recognize "cut off" requests, and that any servers whatsoever are smart enough to implement this behavior.
Actually not. multipart/form-data POST requests have an end marker, but application/x-www-form-urlencoded requests have not - they use the same param1=foo¶m2=bar format GET URLs do, there is no way to tell if that is cut off. Lower-level protocols will deal with issues like lost packets or network disconnection, but if the body of the request is truncated because of an error in the sending HTTP library, like using a buffer that is too small, there is no way the server could detect that. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
What about the content-length header? I believe that's included with POST requests even when using application/x-www-form-urlencoded form.
Although I have noticed we do have code in EditPage.php to detect this situation for normal edits, so I guess it must happen on occasion.
--bawolff
Our EditPage situation is because it's possible for a form to be submitted while the HTML is still downloading and some of the form elements aren't in the DOM yet, especially when something like a textarea has a huge amount of wikitext in it.
For what Bartosz is talking about, I think he's talking about a case where someone or a library codes a HTTP POST response body by urlencoding text and then appending it to some form of buffer. If the buffer has a max length to it and truncates text instead of throwing an error when appending to it, then it's used to serve the POST. Since it's the buffer that's wrong, the Content-Length would be based on the incorrect buffer length, and since urlencoded form text has no end markers or number indicating the length of an individual param a large body of text could be cut off mid way by the buffer end and it wouldn't be invalid.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]