Coldfusion read HTTP post request from other server - http

I have a online form on a third-party server and the submission data is sent to my Coldfusion page using a standard HTTP POST request. I need to retrieve the form data in that .cfm page and insert to the database. I use requestcatcher.com and I can see the post request data format as below:
POST /test HTTP/1.1 Host: mytest.requestcatcher.com Connection:
Keep-Alive Content-Length: 1198 Content-Type: multipart/form-data;
boundary=----------------------637248012629755039 Expect: 100-continue
------------------------637248012629755039 Content-Disposition: form-data; name="e_2113"
My Name
------------------------637248012629755039 Content-Disposition: form-data; name="txtCity"
My City
------------------------637248012629755039 Content-Disposition: form-data; name="e_2123"
District
------------------------637248012629755039 Content-Disposition: form-data; name="e_2107"
test#test.com
------------------------637248012629755039 Content-Disposition: form-data; name="e_2128"
212-123-1234
------------------------637248012629755039 Content-Disposition: form-data; name="e_2158"
Maryland
------------------------637248012629755039 Content-Disposition: form-data; name="e_2130"
I want to know how can I get the value of all the form-data.
Thanks


Just dump the form scope to see all of the field names and values. You can then read that into the database. However, you should also setup an API key that the other server must send to you and you verify before processing data. Otherwise, anyone can send you form data and attack your database.


The data will be in the FORM scope.
So you can access txtCity by doing FORM.txtCity for example.
It is also in ARGUMENTS scope if the form was submitting to a cfc. So you can do ARGUMENTS.txtCity as well in a CFC file.


In addition to the other valid answers, as well as accessing the form scope, or the arguments scope if the request was posted to a CFC, it is worth knowing that you can also use getHTTPRequestData() to access the raw request data. getHTTPRequestData().content in the case of a POST request body.
This can come in useful on rare occasions where the exact request data is needed, before it has been parsed into the form scope by CF. One real-world example is the Paypal IPN verification process where it is necessary to echo the form data back to their handler in exactly the same order, casing and encoding as the original POST body.
Some useful reading if you do need to use getHTTPRequestData() : https://www.bennadel.com/blog/2824-gethttprequestdata-may-break-your-request-in-coldfusion-but-gethttprequestdata-false-may-not.htm

Related

Why is my HTTP POST multipart/form-data wrong?

I am trying to re-create a HTTP-POST multipart/form-data request.
My HTTP-Body looks like this:
--nVenJ7H4puv
Content-Disposition: form-data; name="abc"
I am just a text.
--nVenJ7H4puv
My HTTP-Post request has the following headers:
"Content-Type: multipart/form-data; boundary=nVenJ7H4puv"
Even though according to my knowledge I did everything correctly, I get the reply from the webserver:
Failed to read the request form. Form section has invalid
Content-Disposition value:
Can someone help me out what is wrong with this request?

Don't MIME types like images or PDF files need to be base64 or otherwise encoded?

Don't MIME types like images or PDF files need to be base64 or otherwise encoded
when wanting to send them or upload them over HTTP, since they could potentialy contain control characters?
Don't binary data need a separate tratment from the textual ones, or could I even transfer a text file as binary data (application/octet-stream) and let the receiving application decide how to handle it?

HTTP request doesn't need any transfer encoding. Properly constructed HTTP POST request with multipart/form-data would include Content-Type for each section through every boundary. Don't need to think about it as MIME message. Server/application, this HTTP request addressed to, will handle each boundary content according to content headers and in particular Content-Type. The small example of HTTP POST payload may look like ...
POST /my_page HTTP/1.1
Content-Type: multipart/form-data; boundary=MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF
--MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF
Content-Disposition: form-data; name="field1"
content of this input field
--MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF
Content-Disposition: form-data; name="html_content"
<p><em>Dear customer</em>,</p>
<p>Please review the attached.</p>
--MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF
Content-Disposition: form-data; name="file0"; filename="sample.txt"
Content-Type: text/plain
Plain text file content.
--MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF
Content-Disposition: form-data; name="file1"; filename="sample.docx"
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
PK ! ߤÒlZ  [Content_Types].xml ¢( 
l"%3÷Þ3VƃÑÚšl µw%ë=–“^i7+Ù×ä-d&á”0ÞAÉ6€l4¼½L60#µÃ’ÍS
Oœ£œƒXø Ž*•V$z3„ü3à÷½Þ—Þ%p)Oµ^ “²×5}nH"dÙsÓXg•L„
Á 8
--MNZ2WM28FYlZX3miY-6E9iytpT0UfW-uzlOvF--

Item key in HTTP POST request. How did my browser get it?

I am trying to simulate an API for a website my company uses using python. I send GET and POST requests and listen for the response, parse it, etc. I've encountered a problem with trying to upload a file to the system. When I upload the file using the website normally my browser (Chrome) sends a POST request with a request body that looks like the following:
...
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="file_to_upload_0"; filename="2228789-2-Quote.pdf"
Content-Type: application/pdf
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="form_category_id"
5146
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="form_file_identifier"
2228789
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="file_id"
1748711477
------WebKitFormBoundaryjSmcGTEU3c2TVyDq
Content-Disposition: form-data; name="ticket_number"
CkuvRtqReP6Sy62gamx206ixksC4BE2z
...
This is the first HTTP request my browser sends after I click the upload button. My question is: how does my browser get the "file_id" and "ticket_number"? I looked at the page source of the page with the form, and neither of these numbers are anywhere on the page. Any help is appreciated.
Thanks

I realized that the answer is in the Javascript. The Javascript file was generating the file_id and whatnot.

Make POST request with file and xml content

I am trying to make a POST request to an api server.
I have a request body which is an xml parameter:
<create-user>
<user-name>username1</user-name>
<password>password1</password>
</create-user>
Next to this parameter, i also need so send a file.
I've tried with fiddler the following thing, but the data is not received by the server (the file exists, but the <create-user> parameter not.
Is possible to send a combination of xml parameters with uploaded files?

Yes. Just add boundary mark (and "Content-Type: application/xml") before XML body. Like the following:
------yxz
Content-Disposition: form-data; name="formInputXML"
Content-Type: application/xml
<create-user>...</create-user
------xyz
Content-Disposition: form-data; name="formInputFile"; filename="UserData.xml"
Content-Type: text/xml
<UserData.xml content>
------xyz--

How can i use a dump-file saved with HttpRequest.SaveAs to re-send the request to my localhost?

I'm troubleshooting an integration between an external service which posts multipart/form-data data to a Controller in MVC3.
On the production server I've captured erroneous request using HttpRequest.SaveAs to a file.
Is there any tool I can use to "replay" the request on my localhost so I can debug with Visual Studio?
(I've been trying with fiddler but I can't get it working right. If a dump a local request from a simple form with POST my controller recieves the files correctly. If i dump the same request and copy paste it into fiddler as raw and send the files are missing so there's something wrong.)
Since there's a built-in function to dump the request I'm thinking it might be some official way to resend the request as well. Is there a way to achieve this?

I have used NCAT command line tool to replay requests captured by SaveAs method.
Command looks like this:
NCAT localhost 80 < CapFileName
you can find it in NMAP library
See my blog for more information.

I got it working in fiddler if I do exactly this in the composer:
Open the dumpfile in notepad
Choose Parsed
Only enter the Content-Type as headers (and let fiddler add the others even if they were the same)
Paste the body of the request in request body from notepad
POST: http://localhost/Controller/Action
Request headers:
Content-Type: multipart/form-data; boundary=fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Request body:
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Content-Disposition: form-data; name="mmsimage"; filename="IMG_0959.jpg"
Content-Type: image/jpeg; name=IMG_0959.jpg; charset=ISO-8859-1
Content-Transfer-Encoding: binary
<the encoded file goes here as jibberish>
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF
Content-Disposition: form-data; name="somefield"
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
value of somefield
--fJP-UWKXo6xvqX7niGR0StXXFQwdKhHc9quF--

Resources