Newsgroups: php.internals
Date: Wed, 14 Sep 2022 09:18:08 -0700
From: jordan.ledoux@gmail.com (Jordan LeDoux)
To: Derick Rethans
Cc: internals@lists.php.net, juan carlos morales, Mel Dafert
Subject: Re: [PHP-DEV] Error behaviour for max_input_vars
References: <8479bc9a-6ed6-0cf1-c727-123e2b87a8d6@dafert.at> <9BAED6E7-E2ED-4CA1-977C-3A0C751B288F@php.net>
In-Reply-To: <9BAED6E7-E2ED-4CA1-977C-3A0C751B288F@php.net>

On Tue, Sep 13, 2022 at 4:01 PM Derick Rethans wrote:

> On 13 September 2022 19:36:15 BST, juan carlos morales <dev.juan.morales@gmail.com> wrote:
> >On Tue, 13 September 2022 at 15:33, juan carlos morales <dev.juan.morales@gmail.com> wrote:
> >
> >> On Tue, 13 September 2022 at 14:58, Mel Dafert wrote:
> >>
> >>> In summary, I believe this can only be solved inside of PHP itself, by
> >>> allowing to configure a way for `max_input_vars` to abort the request
> >>> instead of truncating the input.
> >>> The options I see feasible are:
> >>> - A new ini setting `max_input_vars_abort` (default to 0), which, if set
> >>>   to 1, will abort the request if there are more input variables than
> >>>   allowed.
> >>> - A method to reliably detect whether the input vars were truncated (e.g.
> >>>   `function has_post_been_truncated(): bool`), so the application can
> >>>   decide whether to abort or not.
> >>> - Deciding that `max_input_vars` is not relevant anymore and should be
> >>>   handled by the likes of Apache and NGINX, thus changing the default to
> >>>   `0` and removing the setting over a deprecation period.
> >>>
> >>> I am leaning towards the first option, but would be open to either
> >>> outcome.
> >>
> >> We should not delete the ini setting "max_input_vars"... It is a very
> >> hard breaking change.
> >>
> >> I am in favour of adding more flexibility about how to handle this
> >> situation... And I also think that options 1 and 2 can coexist smoothly.
> >>
> >> I suggest you write an RFC for this and continue the discussion on this
> >> e-mail list but with the RFC already created.
> >
> >Check this out
> >
> >https://wiki.php.net/rfc/howto
>
> That's quite a condescending thing to say, considering that Mel has
> already successfully passed an RFC
> (https://wiki.php.net/rfc/intldatetimepatterngenerator).
>
> cheers
> Derick

I didn't know that either! That also makes my comment about version
inclusion a bit condescending. Sorry Mel!

Jordan