Issue with AJAX File Uploads in 2.6.0.

[PaulAik]

Hi,

I'm getting the following issue reported back to the browser console when trying to upload images via the default file uploader in the admin section:

Uncaught SyntaxError: Unexpected token <

Digging further, I think it's because PHP is actually generating this in the response back to the browser after a successful image upload:

<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
[{"error":false,"message":"Added file: slide1.jpg","file":"\/site\/assets\/files\/1\/slide1.jpg","size":32505,"markup":"\n\t<li id='file_e08fe7a0e9958acf28b5b684e0e2983a' class='InputfieldFileItem InputfieldImage ui-widget'>\n\t\t<p class='InputfieldFileInfo InputfieldItemHeader ui-widget ui-widget-header'>\n\t\t\t<i class='fa fa-fw fa-sort HideIfSingle'><\/i>\n\t\t\t<i class='fa fa-fw fa-caret-right HideIfMultiple'><\/i> \n\t\t\t<a class='InputfieldFileName pw-modal pw-modal-large' title='slide1.jpg (1100x440)' href='\/processwire\/page\/image\/edit\/?id=1&file=1,slide1.jpg&rte=0&field=images' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'>slide1.jpg <i class='fa fa-pencil ui-priority-secondary'><\/i><\/a> \n\t\t\t<span class='InputfieldFileStats'>32&nbsp;kB, 1100x440  <\/span> \n\t\t\t<label class='InputfieldFileDelete'><input type='checkbox' name='delete_images_e08fe7a0e9958acf28b5b684e0e2983a' value='1' title='Delete' \/><i class='fa fa-fw fa-trash'><\/i><\/label>\n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveBottom' href='#' title='Move to bottom'><i class='fa fa-fw fa-angle-double-down'><\/i><\/a> \n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveTop' href='#' title='Move to top'><i class='fa fa-fw fa-angle-double-up'><\/i><\/a> \n\t\t<\/p>\n\t\t<div class='InputfieldFileData ui-widget ui-widget-content'>\n\t\t\t<div class='InputfieldImagePreview'>\n\t\t\t\t<a class='InputfieldFileLink' target='_blank' href='\/site\/assets\/files\/1\/slide1.jpg?nc=10'><img height=\"100\" src=\"\/site\/assets\/files\/1\/slide1.0x100.jpg?nc=1431867408\" alt=\"\" data-gridsize=\"100\"  \/><\/a>\n\t\t\t\t<div class='InputfieldImageActions'>\n\t\t\t\t\t<a title='slide1.jpg (1100x440)' href='\/processwire\/page\/image\/edit\/?id=1&file=1,slide1.jpg&rte=0&field=images' class='pw-modal pw-modal-large' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'><i class='fa fa-fw fa-crop'><\/i><\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class='InputfieldFileDescription'><label for='description_images_e08fe7a0e9958acf28b5b684e0e2983a' class='detail'>Description<\/label><input type='text' name='description_images_e08fe7a0e9958acf28b5b684e0e2983a' id='description_images_e08fe7a0e9958acf28b5b684e0e2983a' value='' \/><\/div>\n\t\t\t<input class='InputfieldFileSort' type='text' name='sort_images_e08fe7a0e9958acf28b5b684e0e2983a' value='0' \/>\n\t\t<\/div>\n\t<\/li>","replace":false,"overwrite":0}]

Looks like the second part in the response (the bit that's actually a JSON response) is what the script is expecting to see, but instead it's trying to parse the warning message back from PHP (I'm running PHP 5.6.3 on my Mac if that helps).

I reckon I can turn this warning off to fix the issue, but I've seen this reported a few times in the forums so it might be worth putting a fix in place for if possible. Unfortunately I'm not sure $HTTP_RAW_POST_DATA is populated, so I can't fix myself right now!

[teppokoivula]

This is caused by one specific PHP 5.6 issue/feature/change. Here's a related PHP bug report, and this blog post discusses the effects in detail. The comments section for the blog post has clarifications from one PHP dev, who explains why they had to add new -1 setting for always_populate_raw_post_data to prevent this from happening in all situations.

ProcessWire doesn't use $HTTP_RAW_POST_DATA at all, but this issue can apparently be triggered at least by certain types of HTTP requests. The "fix" would be either always_populate_raw_post_data=-1 in php.ini, or disabling such notices. Perhaps we could also try forcing this with ini_set() or php_value, though?

For the record, this is also discussed here: matomo-org/matomo#6465.

[teppokoivula]

Just had a closer look at the PHP bug report, and it seems that ini_set() won't affect this one at all. Not sure about php_value.

[ryancramerdesign]

If ProcessWire isn't even triggering this one, I'm not really sure how to respond to it. If there was some way I could suppress the error message, that would seem appropriate. But given that we're not using $HTTP_RAW_POST_DATA, that leaves the question of where to even code around this. The error message mentioned above mentions file "Unknown line 0" so it appears to be occurring within PHP itself rather than somewhere in PW. Btw, I'm running PHP 5.6.2 under MAMP, but not seeing this issue here.

[stereonom]

Hi.

I get the same error after upgrading from 2.4.0 to 2.6.
But I'm using php 5.4.42.
I get the error with both 2.6.1 stable and 2.6.5 dev.
always_populate_raw_post_data is off.

[qqnamunew]

I have the same issue as stereonom - after update to PW 2.6

[teppokoivula]

@stereonom Just checking, but by "always_populate_raw_post_data is off" do you mean it's 0, or is it -1as explained above?

@qqnamunew Same question, could you check the value of the always_populate_raw_post_data php.ini setting? :)

[stereonom]

@teppokoivula phpinfo() literally says "Off"
when I do: echo ini_get('always_populate_raw_post_data') I get a 0

[teppokoivula]

Taking another look at this, I'm a bit confused as to why this error would appear in PHP 5.4 at all.

According to all the sources I've found so far, including official PHP changelogs, the deprecation notice you're seeing was introduced in 5.6.0. Unless PHP devs (or someone else) has backported (?) it to the 5.4 branch (perhaps along with security fixes), this shouldn't happen in the first place.

@stereonom, there are couple of things you might want to check:

• First of all, make sure you're really using PHP 5.4 and not 5.6, for aforementioned reasons. 5.6 is going to get more common either way, and downgrading to 5.4/5.5 isn't a valid solution, but it would be nice to know if this issue occurs more commonly than was originally expected :)
• Double check that you're seeing exactly the error / deprecation message mentioned above. File upload could fail for a number of other issues too, so better make sure we're chasing the right one here.
• Unless you're relying on the old $HTTP_RAW_POST_DATA feature in another app/site/etc. in this environment, you could try setting always_populate_raw_post_data to -1. This is the "correct solution", and also the only quick fix to this issue.

[tbba]

Here are the settings, our provider df.eu set for us (just to see how others set this):
In PHP 4.5 and 5.5: "OFF"
In PHP 5.6: "0" (not "OFF" and not "-1")

[qqnamunew]

@teppokoivula
My problem seems to be connected with update to PW 2.6
I set always_populate_raw_post_data to -1 with no effect. It is the same with PHP 5.3 and PHP 5.4.
More interesting is that 'fresh' Processwire instalation on the same server works normal.
I copied all files except site/templates from fresh installation with no effect.
Tried to clear cache with no effect.
It seems to be some DB entry problem but i cant figure out which one can it be.
My JS error is:

SyntaxError: Unexpected token <
http://domain.pl/panel/page/edit/?id=1091:1

The same error shows up on other updated instalations on the same server.
Screenshot:

[teppokoivula]

@qqnamunew At this point I'm pretty sure that this is another issue entirely.

Just to make sure, I would check what the AJAX request actually contains. This should be visible in your dev tools, Network tab (for Chrome). Find the request, and check what the "response" tab for it says. You'll probably find some unexpected (HTML) markup there.

@tbba For PHP 5.6, this should be -1 to avoid the notice, though that could also have negative impact on other (outdated) applications on the environment, so a web host might not be too keen to set that as the default for all users. For this particular issue PHP < 5.6 are irrelevant, unless someone actually backported this "feature" there, which still sounds kind of unlikely.

[qqnamunew]

@teppokoivula You are right. I get this in response:

[{"error":false,"message":"Dodane pliki: hk.jpg","file":"\/site\/assets\/files\/1091\/hk.jpg","size":187786,"markup":"\n\t<li id='file_0b64f721506a83159fd9c6d64617a379' class='InputfieldFileItem InputfieldImage ui-widget'>\n\t\t<p class='InputfieldFileInfo InputfieldItemHeader ui-widget ui-widget-header'>\n\t\t\t<i class='fa fa-fw fa-sort HideIfSingle'><\/i>\n\t\t\t<i class='fa fa-fw fa-caret-right HideIfMultiple'><\/i> \n\t\t\t<a class='InputfieldFileName pw-modal pw-modal-large' title='hk.jpg (1177x577)' href='\/panel\/page\/image\/edit\/?id=1091&file=1091,hk.jpg&rte=0&field=images' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'>hk.jpg <i class='fa fa-pencil ui-priority-secondary'><\/i><\/a> \n\t\t\t<span class='InputfieldFileStats'>183&nbsp;kB, 1177x577  <\/span> \n\t\t\t<label class='InputfieldFileDelete'><input type='checkbox' name='delete_images_0b64f721506a83159fd9c6d64617a379' value='1' title='Delete' \/><i class='fa fa-fw fa-trash'><\/i><\/label>\n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveBottom' href='#' title='Move to bottom'><i class='fa fa-fw fa-angle-double-down'><\/i><\/a> \n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveTop' href='#' title='Move to top'><i class='fa fa-fw fa-angle-double-up'><\/i><\/a> \n\t\t<\/p>\n\t\t<div class='InputfieldFileData ui-widget ui-widget-content'>\n\t\t\t<div class='InputfieldImagePreview'>\n\t\t\t\t<a class='InputfieldFileLink' target='_blank' href='\/site\/assets\/files\/1091\/hk.jpg?nc=1437559944'><img src=\"\/site\/assets\/files\/1091\/hk.jpg?nc=1437559944\" alt=\"\" data-gridsize=\"100\"  \/><\/a>\n\t\t\t\t<div class='InputfieldImageActions'>\n\t\t\t\t\t<a title='hk.jpg (1177x577)' href='\/panel\/page\/image\/edit\/?id=1091&file=1091,hk.jpg&rte=0&field=images' class='pw-modal pw-modal-large' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'><i class='fa fa-fw fa-crop'><\/i><\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class='InputfieldFileDescription'><label for='description_images_0b64f721506a83159fd9c6d64617a379' class='detail'>Opis<\/label><input type='text' name='description_images_0b64f721506a83159fd9c6d64617a379' id='description_images_0b64f721506a83159fd9c6d64617a379' value='' \/><\/div>\n\t\t\t<input class='InputfieldFileSort' type='text' name='sort_images_0b64f721506a83159fd9c6d64617a379' value='2' \/>\n\t\t<\/div>\n\t<\/li>","replace":false,"overwrite":0}]<script type="text/javascript"><!--
document.writeln('<'+'scr'+'ipt type="text/javascript" src="http://home.hit.stat24.com/_'+(new Date()).getTime()+'/script.js?id=.cdLcC7CWNVDzoqip9uEy5YlfQrFHAezVjtqY47rWTf.k7"></'+'scr'+'ipt>');
//--></script>

[ryancramerdesign]

Looks like you've got something injecting JavaScript into your requests
(hacked?). Start by checking your index.php and .htaccess files.
On Jul 22, 2015 6:15 AM, "qqnamunew" [email protected] wrote:

@teppokoivula https://github.com/teppokoivula You are right. I get this
in response:

[{"error":false,"message":"Dodane pliki: hk.jpg","file":"/site/assets/files/1091/hk.jpg","size":187786,"markup":"\n\t

\n\t\t

\n\t\t\t</i>\n\t\t\t</i> \n\t\t\thk.jpg </i></a> \n\t\t\t183 kB, 1177x577 </span> \n\t\t\t<input type='checkbox'
name='delete_images_0b64f721506a83159fd9c6d64617a379' value='1' title='Delete' /></i></label>\n\t\t\t</i></a> \n\t\t\t</i></a> \n\t\t</p>\n\t\t

\n\t\t\t

\n\t\t\t\t<img src="/site/assets/files/1091/hk.jpg?nc=1437559944" alt="" data-gridsize="100" /></a>\n\t\t\t\t

\n\t\t\t\t\t</i></a>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t\t

Opis</label><input type='text' name='description_images_0b64f721506a83159fd9c6d64617a379' id='description_images_0b64f721506a83159fd9c6d64617a379' value='' /></div>\n\t\t\t<input class='InputfieldFileSort' type='text' name='sort_images_0b64f721506a83159fd9c6d64617a379' value='2' />\n\t\t</div>\n\t</li>","replace":false,"overwrite":0}]<script type="text/javascript"></script>

—
Reply to this email directly or view it on GitHub
Issue with AJAX File Uploads in 2.6.0. #1174 (comment)
.

[qqnamunew]

@ryancramerdesign Thank you for your advice. I checked all files it many times but that what you said pointed me the problem. It was code for statistics added by hosting provider.

[stereonom]

@teppokoivula
I installed 2.6.1 and for some reason the Automatically populating $HTTP_RAW_POST_DATA is deprecated is gone.

Even adding ini_set('always_populate_raw_post_data', '-1'); to the index.php has no effect.

But…I get a different error now with 2.6.1

The InputfieldFile.min.js is expecting JSON and is getting a script-element.

[gmclelland]

I just started having the same problem with uploading images. I noticed this on an existing ProcessWire 2.7.2 site and just tested on a fresh new site.

I disabled all non core modules and added always_populate_raw_post_data = -1 to my php.ini. If I check my phpinfo.php it say's "always_populate_raw_post_data = 0". It didn't make any difference.

I've tried the same in firefox, chrome, and safari.
When I check my response in Chrome it shows the following:

<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
[{"error":false,"message":"Added file: globals.jpg","file":"\/site\/assets\/files\/1002\/globals.jpg","size":25337,"markup":"\n\t<li id='file_91ef455ec27970cb238861b2c8895d64' class='InputfieldFileItem InputfieldImage ui-widget'>\n\t\t<p class='InputfieldFileInfo InputfieldItemHeader ui-widget ui-widget-header ui-helper-clearfix'>\n\t\t\t<span class='HideIfSingle HideIfEmpty InputfieldFileDrag'><i class='fa fa-sort'><\/i>&nbsp;<\/span>\n\t\t\t<i class='fa fa-caret-right InputfieldFileDrag HideIfMultiple'><\/i> \n\t\t\t<label class='InputfieldFileDelete'><input type='checkbox' name='delete_images_91ef455ec27970cb238861b2c8895d64' value='1' title='Delete' \/><i class='fa fa-fw fa-trash'><\/i><\/label>\n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveBottom' href='#' title='Move to bottom'><i class='fa fa-fw fa-angle-double-down'><\/i><\/a> \n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveTop' href='#' title='Move to top'><i class='fa fa-fw fa-angle-double-up'><\/i><\/a> \n\t\t\t<a class='InputfieldFileName pw-modal pw-modal-large' title='globals.jpg: globals.jpg (281x386)' href='\/admin\/page\/image\/edit\/?id=1002&file=1002,globals.jpg&rte=0&field=images' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'>globals.jpg <i class='fa fa-pencil ui-priority-secondary'><\/i><\/a> \n\t\t\t<span class='InputfieldFileStats'>25&nbsp;kB, 281x386  <\/span> \n\t\t<\/p>\n\t\t<div class='InputfieldFileData ui-widget ui-widget-content'>\n\t\t\t<div class='InputfieldImagePreview'>\n\t\t\t\t<a class='InputfieldFileLink' target='_blank' href='\/site\/assets\/files\/1002\/globals.jpg?nc=10'><img height=\"100\" src=\"\/site\/assets\/files\/1002\/globals.0x100.jpg?nc=1452724334\" alt=\"\" data-gridsize=\"100\"  \/><\/a>\n\t\t\t\t<div class='InputfieldImageActions'>\n\t\t\t\t\t<a title='globals.jpg (281x386)' href='\/admin\/page\/image\/edit\/?id=1002&file=1002,globals.jpg&rte=0&field=images' class='pw-modal pw-modal-large' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'><i class='fa fa-fw fa-crop'><\/i><\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class='InputfieldFileDescription'><label for='description_images_91ef455ec27970cb238861b2c8895d64' class='detail'>Description<\/label><input type='text' name='description_images_91ef455ec27970cb238861b2c8895d64' id='description_images_91ef455ec27970cb238861b2c8895d64' value='' \/><\/div>\n\t\t\t<input class='InputfieldFileSort' type='text' name='sort_images_91ef455ec27970cb238861b2c8895d64' value='0' \/>\n\t\t<\/div>\n\t<\/li>","replace":false,"overwrite":0}]

What did work for me was turning on xdebug. After I enabled xdebug, my uploads starting working again....Strange

Hope that helps someone

[gmclelland]

I just upgraded my homebrew php installation with brew install php56 and brew install php56-xdebug. I then disabled xdebug and now file uploads are working again. Just thought I would share in case anybody else was still running into this issue.

[mikerockett]

I've just bumped into this as well, on an oldish site I'm adding content to:

<br />
<b>Deprecated</b>:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent in <b>D:\var\www\gcafrique\public_html\wire\core\admin.php</b> on line <b>16</b><br />
[{
    "error": false,
    "message": "Added file: brick-protection-fluid.jpg",
    "file": "\/site\/assets\/files\/1057\/brick-protection-fluid.jpg",
    "size": 51306,
    "markup": "\n\t<li id='file_ecf172076d5a07d1f5314d611e4b7c33' class='InputfieldFileItem InputfieldImage ui-widget'>\n\t\t<p class='InputfieldFileInfo InputfieldItemHeader ui-widget ui-widget-header ui-helper-clearfix'>\n\t\t\t<span class='HideIfSingle HideIfEmpty InputfieldFileDrag'><i class='fa fa-sort'><\/i>&nbsp;<\/span>\n\t\t\t<i class='fa fa-caret-right InputfieldFileDrag HideIfMultiple'><\/i> \n\t\t\t<label class='InputfieldFileDelete'><input type='checkbox' name='delete_aside_image_ecf172076d5a07d1f5314d611e4b7c33' value='1' title='Delete' \/><i class='fa fa-fw fa-trash'><\/i><\/label>\n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveBottom' href='#' title='Move to bottom'><i class='fa fa-fw fa-angle-double-down'><\/i><\/a> \n\t\t\t<a class='InputfieldFileMove InputfieldFileMoveTop' href='#' title='Move to top'><i class='fa fa-fw fa-angle-double-up'><\/i><\/a> \n\t\t\t<a class='InputfieldFileName pw-modal pw-modal-large' title='brick-protection-fluid.jpg: brick-protection-fluid.jpg (230x173)' href='\/backend\/page\/image\/edit\/?id=1057&file=1057,brick-protection-fluid.jpg&rte=0&field=aside_image' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'>brick-pr&hellip;jpg <i class='fa fa-pencil ui-priority-secondary'><\/i><\/a> \n\t\t\t<span class='InputfieldFileStats'>50&nbsp;kB, 230x173  <\/span> \n\t\t<\/p>\n\t\t<div class='InputfieldFileData ui-widget ui-widget-content'>\n\t\t\t<div class='InputfieldImagePreview'>\n\t\t\t\t<a class='InputfieldFileLink' target='_blank' href='\/site\/assets\/files\/1057\/brick-protection-fluid.jpg?nc=1474903751'><img src=\"\/site\/assets\/files\/1057\/brick-protection-fluid.jpg?nc=1474903751\" alt=\"\" data-gridsize=\"100\"  \/><\/a>\n\t\t\t\t<div class='InputfieldImageActions'>\n\t\t\t\t\t<a title='brick-protection-fluid.jpg (230x173)' href='\/gca.backend\/page\/image\/edit\/?id=1057&file=1057,brick-protection-fluid.jpg&rte=0&field=aside_image' class='pw-modal pw-modal-large' data-buttons='#non_rte_dialog_buttons button' data-autoclose='1' data-close='#non_rte_cancel'><i class='fa fa-fw fa-crop'><\/i><\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t<input class='InputfieldFileSort' type='text' name='sort_aside_image_ecf172076d5a07d1f5314d611e4b7c33' value='0' \/>\n\t\t<\/div>\n\t<\/li>",
    "replace": false,
    "overwrite": 0
}]

Using PHP 5.6 as well.