Implement GH-19249: http context - allow content to be a stream/resource

ndossche · ndossche · commit 88cf76ea840a · 2025-07-27T15:45:39.000+02:00
This may be useful for sending large chunks of data.
diff --git a/UPGRADING b/UPGRADING
@@ -263,6 +263,7 @@ PHP 8.5 UPGRADE NOTES
     and the function returns false. Previously, these errors were silently
     ignored. This change affects only the sendmail transport.
   . getimagesize() now supports HEIF/HEIC images.
+  . The "http" stream context's "content" field now supports streams.
 
 - Standard:
   . getimagesize() now supports SVG images when ext-libxml is also loaded.
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
@@ -352,6 +352,43 @@ static zend_string *php_stream_http_response_headers_parse(php_stream_wrapper *w
 	return NULL;
 }
 
+static bool php_stream_unwrap_content(php_stream_context *context, zend_string **str_out, php_stream **stream_out)
+{
+	zval *content = php_stream_context_get_option(context, "http", "content");
+	if (content) {
+		if (Z_TYPE_P(content) == IS_STRING && Z_STRLEN_P(content) > 0) {
+			*str_out = Z_STR_P(content);
+			return true;
+		} else if (Z_TYPE_P(content) == IS_RESOURCE) {
+			if ((php_stream_from_zval_no_verify(*stream_out, content))) {
+				return true;
+			}
+		}
+	}
+
+	return false;
+}
+
+static bool php_stream_append_content_length(smart_str *req_buf, zend_string *content_str, php_stream *content_stream)
+{
+	smart_str_appends(req_buf, "Content-Length: ");
+	if (content_str) {
+		smart_str_append_unsigned(req_buf, ZSTR_LEN(content_str));
+	} else {
+		zend_off_t current_position = php_stream_tell(content_stream);
+		if (php_stream_seek(content_stream, 0, SEEK_END) < 0) {
+			return false;
+		}
+		zend_off_t end_position = php_stream_tell(content_stream);
+		if (php_stream_seek(content_stream, current_position, SEEK_SET) < 0) {
+			return false;
+		}
+		smart_str_append_unsigned(req_buf, end_position - current_position);
+	}
+	smart_str_appends(req_buf, "\r\n");
+	return true;
+}
+
 static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 		const char *path, const char *mode, int options, zend_string **opened_path,
 		php_stream_context *context, int redirect_max, int flags,
@@ -832,6 +869,9 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 		}
 	}
 
+	zend_string *content_str = NULL;
+	php_stream *content_stream = NULL;
+
 	if (user_headers) {
 		/* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
 		 * see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
@@ -840,42 +880,71 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 				(header_init || redirect_keep_method) &&
 				context &&
 				!(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
-				(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
-				Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0
+				php_stream_unwrap_content(context, &content_str, &content_stream)
 		) {
-			smart_str_appends(&req_buf, "Content-Length: ");
-			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
-			smart_str_appends(&req_buf, "\r\n");
+			if (!php_stream_append_content_length(&req_buf, content_str, content_stream)) {
+				php_stream_close(stream);
+				stream = NULL;
+				efree(user_headers);
+				php_stream_wrapper_log_error(wrapper, options, "Unable to determine length of \"content\" stream!");
+				goto out;
+			}
 			have_header |= HTTP_HEADER_CONTENT_LENGTH;
 		}
 
 		smart_str_appends(&req_buf, user_headers);
 		smart_str_appends(&req_buf, "\r\n");
 		efree(user_headers);
+
+		/* php_stream_unwrap_content() may throw a TypeError for non-stream resources */
+		if (UNEXPECTED(EG(exception))) {
+			php_stream_close(stream);
+			stream = NULL;
+			goto out;
+		}
 	}
 
 	/* Request content, such as for POST requests */
 	if ((header_init || redirect_keep_method) && context &&
-		(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
-		Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
+		(content_str || content_stream || php_stream_unwrap_content(context, &content_str, &content_stream))) {
 		if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
-			smart_str_appends(&req_buf, "Content-Length: ");
-			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
-			smart_str_appends(&req_buf, "\r\n");
+			if (!php_stream_append_content_length(&req_buf, content_str, content_stream)) {
+				php_stream_close(stream);
+				stream = NULL;
+				php_stream_wrapper_log_error(wrapper, options, "Unable to determine length of \"content\" stream!");
+				goto out;
+			}
 		}
 		if (!(have_header & HTTP_HEADER_TYPE)) {
 			smart_str_appends(&req_buf, "Content-Type: application/x-www-form-urlencoded\r\n");
 			php_error_docref(NULL, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
 		}
 		smart_str_appends(&req_buf, "\r\n");
-		smart_str_appendl(&req_buf, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
+		if (content_str) {
+			smart_str_append(&req_buf, content_str);
+			php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
+		} else {
+			php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
+
+			if (SUCCESS != php_stream_copy_to_stream_ex(content_stream, stream, PHP_STREAM_COPY_ALL, NULL)) {
+				php_stream_close(stream);
+				stream = NULL;
+				php_stream_wrapper_log_error(wrapper, options, "Unable to copy \"content\" stream!");
+				goto out;
+			}
+		}
 	} else {
+		/* php_stream_unwrap_content() may throw a TypeError for non-stream resources */
+		if (UNEXPECTED(EG(exception))) {
+			php_stream_close(stream);
+			stream = NULL;
+			goto out;
+		}
+
 		smart_str_appends(&req_buf, "\r\n");
+		php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
 	}
 
-	/* send it */
-	php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
-
 	if (Z_ISUNDEF_P(response_header)) {
 		array_init(response_header);
 	}
diff --git a/ext/standard/tests/http/gh19249_custom_stream.phpt b/ext/standard/tests/http/gh19249_custom_stream.phpt
@@ -0,0 +1,46 @@
+--TEST--
+GH-19249 (http context - allow content to be a stream/resource) - custom stream
+--INI--
+allow_url_fopen=1
+--CONFLICTS--
+server
+--FILE--
+<?php
+class MyStream {
+    public $context;
+
+    public function stream_open(string $path, string $mode, int $options, ?string &$opened_path): bool {
+        return true;
+    }
+
+    public function stream_read(int $count): string|false {
+        return false;
+    }
+}
+
+stream_wrapper_register("custom", MyStream::class);
+
+$serverCode = <<<'CODE'
+var_dump(getallheaders()['Content-Length']);
+echo file_get_contents('php://input');
+CODE;
+
+include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc";
+php_cli_server_start($serverCode, null, []);
+
+$postData = fopen("custom://", "r");
+
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", false, stream_context_create([
+    'http' => [
+        'method' => 'POST',
+        'header' => [
+        	'Content-type: application/x-www-form-urlencoded',
+        ],
+        'content' => $postData,
+    ]
+]));
+?>
+--EXPECTF--
+Warning: file_get_contents(): Stream does not support seeking in %s on line %d
+
+Warning: file_get_contents(%s): Failed to open stream: Unable to determine length of "content" stream! in %s on line %d
diff --git a/ext/standard/tests/http/gh19249_memory_stream.phpt b/ext/standard/tests/http/gh19249_memory_stream.phpt
@@ -0,0 +1,34 @@
+--TEST--
+GH-19249 (http context - allow content to be a stream/resource) - memory stream
+--INI--
+allow_url_fopen=1
+--CONFLICTS--
+server
+--FILE--
+<?php
+$serverCode = <<<'CODE'
+var_dump(getallheaders()['Content-Length']);
+echo file_get_contents('php://input');
+CODE;
+
+include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc";
+php_cli_server_start($serverCode, null, []);
+
+$postData = fopen("php://memory", "w+");
+fwrite($postData, "a=b&c=d");
+// Test skip
+fseek($postData, 4);
+
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", false, stream_context_create([
+    'http' => [
+        'method' => 'POST',
+        'header' => [
+        	'Content-type: application/x-www-form-urlencoded',
+        ],
+        'content' => $postData,
+    ]
+]));
+?>
+--EXPECT--
+string(1) "3"
+c=d
diff --git a/ext/standard/tests/http/gh19249_no_stream.phpt b/ext/standard/tests/http/gh19249_no_stream.phpt
@@ -0,0 +1,41 @@
+--TEST--
+GH-19249 (http context - allow content to be a stream/resource) - no stream
+--INI--
+allow_url_fopen=1
+--CONFLICTS--
+server
+--FILE--
+<?php
+$serverCode = '';
+
+include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc";
+php_cli_server_start($serverCode, null, []);
+
+$postData = proc_open("echo", [], $pipes);
+
+$headers = [
+    [],
+    'header' => [
+        'Content-type: application/x-www-form-urlencoded',
+    ],
+];
+
+foreach ($headers as $header) {
+    try {
+        file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", false, stream_context_create([
+            'http' => [
+                'method' => 'POST',
+                ...$header,
+                'content' => $postData,
+            ]
+        ]));
+    } catch (TypeError $e) {
+        echo $e->getMessage(), "\n";
+    }
+}
+
+proc_close($postData);
+?>
+--EXPECT--
+file_get_contents(): supplied resource is not a valid stream resource
+file_get_contents(): supplied resource is not a valid stream resource
