On 2014-06-19, 6:23 PM, Brian Wolff wrote:
On 6/19/14, Gergo Tisza <gtisza(a)wikimedia.org>
wrote:
On Thu, Jun 19, 2014 at 6:27 AM, Bartosz
DziewoĆski <matma.rex(a)gmail.com>
wrote:
I'm reasonably sure that the HTTP and HTTPS
protocols are smart enough to
recognize "cut off" requests, and that any servers whatsoever are smart
enough to implement this behavior.
Actually not. multipart/form-data POST requests have an end marker,
but application/x-www-form-urlencoded requests have not - they use the same
param1=foo¶m2=bar format GET URLs do, there is no way to tell if that
is cut off. Lower-level protocols will deal with issues like lost packets
or network disconnection, but if the body of the request is truncated
because of an error in the sending HTTP library, like using a buffer that
is too small, there is no way the server could detect that.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l What about the
content-length header? I believe that's included with
POST requests even when using application/x-www-form-urlencoded form.
Although I have noticed we do have code in EditPage.php to detect this
situation for normal edits, so I guess it must happen on occasion.
--bawolff
Our EditPage situation is because it's possible for a form to be
submitted while the HTML is still downloading and some of the form
elements aren't in the DOM yet, especially when something like a
textarea has a huge amount of wikitext in it.
For what Bartosz is talking about, I think he's talking about a case
where someone or a library codes a HTTP POST response body by
urlencoding text and then appending it to some form of buffer. If the
buffer has a max length to it and truncates text instead of throwing an
error when appending to it, then it's used to serve the POST. Since it's
the buffer that's wrong, the Content-Length would be based on the
incorrect buffer length, and since urlencoded form text has no end
markers or number indicating the length of an individual param a large
body of text could be cut off mid way by the buffer end and it wouldn't
be invalid.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]