Newsgroups: php.internals
Xref: news.php.net php.internals:57184
Date: Wed, 4 Jan 2012 14:59:09 +0100
To: jpauli
Cc: Laruence, Dmitry Stogov, PHP Internals
Subject: Re: [PHP-DEV] Re: another fix for max_input_vars.
From: pierre.php@gmail.com (Pierre Joye)

hi,

There is no other option. This value is used before a script even gets
the hand. So we have to set a value by default, but we cannot force it,
that's why we have to use an ini setting.

Cheers,

On Wed, Jan 4, 2012 at 2:30 PM, jpauli wrote:
> On Wed, Jan 4, 2012 at 12:52 PM, Laruence wrote:
>
>> On Wed, Jan 4, 2012 at 7:34 PM, Laruence wrote:
>> > Hi:
>> >   I have updated the patch to make it work in the case of sub arrays.
>> >
>> >   http://pastebin.com/yPTUZuNe
>>
>> this patch only restricts the number of POST variables, since GET and
>> Cookie both have their length limits.
>>
>> and it's also easy to restrict GET or request too (add the similar
>> logic in php_default_treat_data), I just think that is not needed :)
>>
>> thanks
>>
>
> I don't think adding one more .ini option is a good idea.
> That will leave people confused, and regarding security parameters, that
> is never a good idea.
>
> For example, people would ask what is the difference between
> max_input_vars and max_post_vars?
>
> Julien.Pauli
>
>
>> >
>> > thanks
>> >
>> > On Wed, Jan 4, 2012 at 5:59 PM, Laruence wrote:
>> >> On Wed, Jan 4, 2012 at 2:59 PM, Laruence wrote:
>> >>> Hi dmitry:
>> >>>
>> >>>    it seems you have fixed the issue that an error in
>> >>> register_variable will cause the php process to exit.
>> >>>
>> >>>    here is a fix I made before: http://pastebin.com/7BLAVaWr , I
>> >>> think maybe this is a lighter fix.
>> >>>
>> >>>    could you review this? if you think this is okay, I will commit it.
>> >> Hmm, after a deep thought, this patch will not work in the case of
>> >> sub arrays in POST ..
>> >>
>> >> thanks
>> >>>
>> >>>    thanks very much.
>> >>>
>> >>> --
>> >>> Laruence  Xinchen Hui
>> >>> http://www.laruence.com/

-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org