Does Magento 2 throw an error about
always_populate_raw_post_data being set to
0? And are you having problems installing or updating Magento with PHP 5.6 and PHP 7? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6 and higher (PHP 7).
Magento 2.0 requires PHP’s
always_populate_raw_post_data to be disabled, or set to
-1 in your php.ini file. Since PHP 5.6, the use of
$HTTP_RAW_POST_DATA is deprecated and will be removed in PHP 7.0. However, in PHP 5.6, this setting is commented out, making it equal to 0, not -1.
This causes errors when you try to install, or update to, Magento 2.0 using PHP 5.6 or PHP 7.
The PHP always_populate_raw_post_data setting will let PHP always populate the $HTTP_RAW_POST_DATA containing the raw POST data, if set to true (
1). Otherwise, the variable is populated only when the MIME type of the data is unrecognized.
Pro tip: learn how to validate MIME types with PHP Fileinfo!
And this is where Magento goes wrong… Well, in my opinion Magento goes wrong by quitting the installer. The error should only be thrown when both
display_startup_errors are enabled in your PHP configuration. On my production servers, they’re disabled.
Unfortunately Magento 2.0 PHP settings check still complains, and throws the following error message:
Your PHP Version is 5.6.15, but always_populate_raw_post_data = 0. $HTTP_RAW_POST_DATA is deprecated from PHP 5.6 onwards and will be removed in PHP 7.0. This will stop the installer from running. Please open your php.ini file and set always_populate_raw_post_data to -1. If you need more help please call your hosting provider.
Here is how you can quickly fix Magento’s
always_populate_raw_post_data = 0 error with PHP 5.6/7.0:
user defined ini-file, or a .user.ini file, to your website’s root folder. It has to contain the following setting:
always_populate_raw_post_data = -1
While going through your PHP config, fix & set correct values for
openssl.cafile too. Stop turning off CURLOPT_SSL_VERIFYPEER (or sslverify = false for wp_remote_get() in WordPress).
This will set the always_populate_raw_post_data value to how it is supposed to be:
-1. For your Magento website only. The directive is a PHP_INI_PERDIR and PHP_INI_ALL setting, meaning you can set it anywhere. If you are a server administrator, make the change to your
php.ini file; automatically populating $HTTP_RAW_POST_DATA is removed in PHP 7.0.0 and deprecated in PHP 5.6.
If set to TRUE, PHP will always populate the
$HTTP_RAW_POST_DATAcontaining the raw POST data. Otherwise, the variable is populated only when the MIME type of the data is unrecognised.
The preferred method for accessing raw POST data is
$HTTP_RAW_POST_DATAis deprecated in PHP 5.6.0 onwards. Setting
always_populate_raw_post_datato -1 will opt into the new behaviour that will be implemented in a future version of PHP, in which
$HTTP_RAW_POST_DATAis never defined.
Regardless of the setting, $
HTTP_RAW_POST_DATAis not available with enctype=”multipart/form-data”.
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
Security Advisory: Stored XSS in Magento
Critical Magento Shoplift Vulnerability (SUPEE-5344)
Magento maintenance script for IIS
Fatal error: Uncaught Error:  operator not supported for strings – PHP 7.1
Send authenticated email over TLS from Zen Cart
PHP 5.6 default_charset change may break HTML output