Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57183 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 75889 invoked from network); 4 Jan 2012 13:30:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Jan 2012 13:30:59 -0000 Authentication-Results: pb1.pair.com smtp.mail=julienpauli@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=julienpauli@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender) X-PHP-List-Original-Sender: julienpauli@gmail.com X-Host-Fingerprint: 74.125.83.42 mail-ee0-f42.google.com Received: from [74.125.83.42] ([74.125.83.42:36496] helo=mail-ee0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0C/A3-50667-A84540F4 for ; Wed, 04 Jan 2012 08:30:51 -0500 Received: by eeke51 with SMTP id e51so14745599eek.29 for ; Wed, 04 Jan 2012 05:30:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=V80ME8E/9mQO6p4BFWcFELoe6CW6vn9xcscJIOl89hk=; b=BbtkzSuXmFZxmVIoe651zbJZvIFfdchCuXXsj8EaHp3ShvW5pHWJLPYuSXQsiVR/mq 96+59nNUhdobZwtfRM8ba+aULjJyrp3rJxJEKnAoCenppvhBEzUYZiWCjO7O/7k+99Nn inMh4JsVNodbK0V1TkfAQ8bzCpJJQz/McZlag= Received: by 10.14.97.74 with SMTP id s50mr22665645eef.106.1325683847275; Wed, 04 Jan 2012 05:30:47 -0800 (PST) MIME-Version: 1.0 Sender: julienpauli@gmail.com Received: by 10.213.10.20 with HTTP; Wed, 4 Jan 2012 05:30:07 -0800 (PST) In-Reply-To: References: Date: Wed, 4 Jan 2012 14:30:07 +0100 X-Google-Sender-Auth: MuGL40rdMPNqQ4sODsZFXxRKqrk Message-ID: To: Laruence Cc: Dmitry Stogov , Dmitry Stogov , PHP Internals Content-Type: multipart/alternative; boundary=bcaec52be489cd26b304b5b3d228 Subject: Re: [PHP-DEV] Re: another fix for max_input_vars. From: jpauli@php.net (jpauli) --bcaec52be489cd26b304b5b3d228 Content-Type: text/plain; charset=ISO-8859-1 On Wed, Jan 4, 2012 at 12:52 PM, Laruence wrote: > On Wed, Jan 4, 2012 at 7:34 PM, Laruence wrote: > > Hi: > > I have updated the patch, make it works in case of sub arrays. > > > > http://pastebin.com/yPTUZuNe > > this patch only restrict the post variables number, since GET and > Cookie all have their length limit. > > and it's also easy to restrict the get or request too(add the samilar > logic in php_default_treat_data), I just think that is no-needed :) > > thanks > I don't think adding one more .ini option is a good idea. That will lead to people confused, and regarding security parameters, that is never a good idea. For example, people would ask what is the difference between max_input_vars and max_post_vars ? Julien.Pauli > > > > thanks > > > > On Wed, Jan 4, 2012 at 5:59 PM, Laruence wrote: > >> On Wed, Jan 4, 2012 at 2:59 PM, Laruence wrote: > >>> Hi dmitry: > >>> > >>> it seems you have fix the issue that error in register_variable > >>> will cause php process exit. > >>> > >>> here is a fix I made before: http://pastebin.com/7BLAVaWr , I > >>> think maybe this is a lighter fix. > >>> > >>> could you review this? if you think this is okey, I will commit > it. > >> Hmm, after a deep thought, this patch will not work in case of sub > >> arrays in POST .. > >> > >> thanks > >>> > >>> thanks very much. > >>> > >>> -- > >>> Laruence Xinchen Hui > >>> http://www.laruence.com/ > >> > >> > >> > >> -- > >> Laruence Xinchen Hui > >> http://www.laruence.com/ > > > > > > > > -- > > Laruence Xinchen Hui > > http://www.laruence.com/ > > > > -- > Laruence Xinchen Hui > http://www.laruence.com/ > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --bcaec52be489cd26b304b5b3d228--