Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118621 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 64321 invoked from network); 13 Sep 2022 23:27:18 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 13 Sep 2022 23:27:18 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 8E54C1804AA for ; Tue, 13 Sep 2022 16:27:17 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-vk1-f176.google.com (mail-vk1-f176.google.com [209.85.221.176]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 13 Sep 2022 16:27:17 -0700 (PDT) Received: by mail-vk1-f176.google.com with SMTP id k14so6641153vkk.0 for ; Tue, 13 Sep 2022 16:27:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=H4PCr5pCag61VnRWnklXsgaYIXrmkeymGmtHuvstAZk=; b=JiM1SHGqP9qoyR8NCge49VCFzmrU5NH+z9gcCXKSoAmEO1P36KGG85pT2+f+IDqEOq Szz4jmJpfRYiHPhFZmoVz6ncecfLTwrkuJXU4vj5AcwqCvLD6JV9QW+6tcVxXejFbB7D fM00Sf5HTjKLVRRsVGW09ulfgSC/twJxUKYXOY2exvEkxStOFSXJ/qVtU//9xA4+ZNCh QWl/IkKTdGUvb+4bjpcycvF7rKC4ZVHBf27uPsbKPf5gQlxbxgNubB8VhX3Bku6ehfIu EwHthW8kQ86KrYOH0xaojaXLH7cvYrukqLUturj+4FjtvLdgMuiVtYj2eWIdthQF36zk bc3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=H4PCr5pCag61VnRWnklXsgaYIXrmkeymGmtHuvstAZk=; b=Igr0KFN5Hj+K5peFRhlLrA0YVZDmvMv3RFj+CbBTevB0I71kTSTZtc1CKUzbsiwjvT /ijapMnLv8CDS78VE/0WvKDRyVQ/UcrQ+BwUaxAlPN4P/rp80P6HNw3YymOZyCbG6lS8 w6X0dEcC7Mq2jzJ+Ut2Tmc8Takot1H346V/2eLWaluVGWaobx+bJbhhQrOaQm/yqaOVk CxnHU1M51RmvBURKkhKxxyaJFXPvrK/EZtgqW+ybs/X2KCrIu/BZBsZHwkGQgOW/OQ0j +bx+4Y1kBVWsQq3B9yX8Q+yG/ojFSvG9zDDbW4QiEe6JOtBkiGYb3ac9u9QEs2r/ZpBB MHIw== X-Gm-Message-State: ACgBeo3Tu7eZHTW9GMkmYjZN7JAhohJ/8N7L4QwLytckmxioGDcioD4v u8vHEjyBSjcUbWP7mpXsTtde4c1Put2jiwGqcfwMqk2h X-Google-Smtp-Source: AA6agR7pcu1/AMPqH8fU7iTzzDWx1IwwwG3XW8eCZvYtzAPH81fNHi+sHvhm/cyIQu8VbL5ARhmR3qdM9Ij5mQMA4So= X-Received: by 2002:a1f:9116:0:b0:3a2:362b:fea9 with SMTP id t22-20020a1f9116000000b003a2362bfea9mr4254157vkd.11.1663111636411; Tue, 13 Sep 2022 16:27:16 -0700 (PDT) MIME-Version: 1.0 References: <8479bc9a-6ed6-0cf1-c727-123e2b87a8d6@dafert.at> <9BAED6E7-E2ED-4CA1-977C-3A0C751B288F@php.net> In-Reply-To: <9BAED6E7-E2ED-4CA1-977C-3A0C751B288F@php.net> Date: Tue, 13 Sep 2022 20:27:05 -0300 Message-ID: To: Derick Rethans Cc: PHP Internals List , Mel Dafert Content-Type: multipart/alternative; boundary="0000000000004f687605e8975ab3" Subject: Re: [PHP-DEV] Error behaviour for max_input_vars From: dev.juan.morales@gmail.com (juan carlos morales) --0000000000004f687605e8975ab3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable El mar., 13 de septiembre de 2022 20:01, Derick Rethans escribi=C3=B3: > On 13 September 2022 19:36:15 BST, juan carlos morales < > dev.juan.morales@gmail.com> wrote: > >El mar., 13 de septiembre de 2022 15:33, juan carlos morales < > >dev.juan.morales@gmail.com> escribi=C3=B3: > > > >> > >> > >> El mar., 13 de septiembre de 2022 14:58, Mel Dafert > >> escribi=C3=B3: > >> > >>> > >>> In summary, I believe this can only be solved inside of PHP itself, b= y > >>> allowing to configure a way for `max_input_vars` to abort the request > >>> instead of truncating the input. > >>> The options I see feasible are: > >>> - A new ini setting `max_input_vars_abort` (default to 0), which, if > set > >>> to 1, will abort the request if there are more input variables than > >>> allowed. > >>> - A method to reliably detect whether the input vars were truncated > (eg. > >>> `function has_post_been_truncated(): bool`), so the application can > >>> decide whether to abort or not. > >>> - Deciding that `max_input_vars` is not relevant anymore and should b= e > >>> handled by the likes of Apache and NGINX, thus changing the default t= o > >>> `0` and removing the setting > >>> over a deprecation period. > >>> > >>> I am leaning towards the first option, but would be open to either > >>> outcome. > >>> > >> > >> > >> We should not delete the ini setting "max_input_vars"... Is a breaking > >> change very hard. > >> > >> I Am in favour of adding More flexibility about how to handle this > >> situation... And I also think that options 1 and 2 can coexist smoothl= y. > >> > >> I suggest you write and RFC for this and continue the discussion on th= is > >> e-mail list but with the RFC already created. > >> > > > > > >Check this out > > > >https://wiki.php.net/rfc/howto > > That's quite a condescending thing to say, considering that Mel has > already successfully passed an RFC ( > https://wiki.php.net/rfc/intldatetimepatterngenerator). > > cheers > Derick > I did not know that :=3D) You know My intention was to be supportive 100% :=3D) Thanks for pointing It. Have a good day > --0000000000004f687605e8975ab3--