Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:110106 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 60305 invoked from network); 10 May 2020 14:26:37 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 May 2020 14:26:37 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 5AA3A1804C9 for ; Sun, 10 May 2020 06:02:47 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 10 May 2020 06:02:46 -0700 (PDT) Received: by mail-oi1-f174.google.com with SMTP id r25so12770896oij.4 for ; Sun, 10 May 2020 06:02:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zx5RuWj00Z1sQilHD0lrcF3J2+VgkC6EELcb9KSI9/8=; b=eqyhsAC/scdFas0lg64cltIyYYfjUE4ek9bqLdZRNvFNyE8M4TnyVXowAeayn+Wra9 ZUvdketDUT6sHSxOO+kr/WzJCWM2up1qulsbnRqqFYh+OmPSVYGzIdfESzmlGsB8QkRW 4D9vd00sSjvwolFJFM4eNCCQFbIBX6o+UINxAPZ2mOMh2npuKlOmXmYUsXkjNdHIM+Qt YZ2z57R39739juvUrkhZYel6KTZwH2a6BHbcH1t78DBLPXisvMRPSxnppFm1AWFq+K5o Sm676sB3hBgHFiaf/f7HDLQT8jYVYA8IguZtW7J3Xwnj5zAOVpkHUcRLK2SrvQzqF7OB XaOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zx5RuWj00Z1sQilHD0lrcF3J2+VgkC6EELcb9KSI9/8=; b=K2zrJ5O17zpFp90//9pDrj95dQMvX4F1E7KVIq0K9GObuOHAFko9GuyaadVR0+SRIV g5eH2sTjxvJGAUPHzFPoa8jUe/O6abHT9omuGp1Cl/bCuWrq1GkGSjDpdz0fLAHU3hyG 6WID8hS3GVgXp2EWB3usYEJZln+3mrS6exyf1PPHC+qdeKojCRavZkBR9ToXYyyoGvBt 3Eo+Fh+76O07kZf90OwLv9MDYXitj1Xso2NK5AXn5kRxvpDdiGxIeWk4clJLqsZbNmuH TKWX1zOdIdSV2MNMkzD/oQ5c9rfRfoFc8CLqEAneDbxGPuB0mk3mvdwBJfAjwO4efSWj xReA== X-Gm-Message-State: AGi0PuYw795FiPkCjiv5909LbtcOT+28ByHd5RuL01ftiC7XhMw0GrHi ZjBOq0fr9IRIBWk6jZl6+Ydt3i1JO3Djust3hiMKWQ== X-Google-Smtp-Source: APiQypKv584T0e/KcjpJakuhRbpm3tBZkH/jaeW2WlJ2MnjPnRpxSOJl58yIQMIzg2ccnhBEsCI5vf8Cjpra0U5IZwU= X-Received: by 2002:aca:c447:: with SMTP id u68mr16657918oif.17.1589115763852; Sun, 10 May 2020 06:02:43 -0700 (PDT) MIME-Version: 1.0 References: <2157564.YClJE7JIHU@mcmic-probook> In-Reply-To: Date: Sun, 10 May 2020 10:02:33 -0300 Message-ID: To: Craig Duncan Cc: =?UTF-8?Q?C=C3=B4me_Chilliet?= , PHP Internals Content-Type: multipart/alternative; boundary="0000000000009c8b1805a54ad824" Subject: Re: [PHP-DEV] max_input_vars trigger detection From: david.proweb@gmail.com (David Rodrigues) --0000000000009c8b1805a54ad824 Content-Type: text/plain; charset="UTF-8" Maybe throw an exception by default when it happen. Considering max_input_vars+1, when hit, throw. Em dom, 10 de mai de 2020 09:34, Craig Duncan escreveu: > > > > Although not particularly elegant, and it does require you to reject > requests that hit but don't exceed the limit, I've used this approach > before: > > > $max = ini_get("max_input_vars") - 1; > $check = count($_REQUEST); > if ($check > $max) { > throw new RequestException("Request is too large, only {$max} input > variables are permitted"); > } > --0000000000009c8b1805a54ad824--