Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57216
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 74661 invoked from network); 4 Jan 2012 21:48:25 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Jan 2012 21:48:25 -0000
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.210.170 cause and error)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 209.85.210.170 mail-iy0-f170.google.com  
Received: from [209.85.210.170] ([209.85.210.170:61705] helo=mail-iy0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 01/90-06110-629C40F4 for <internals@lists.php.net>; Wed, 04 Jan 2012 16:48:24 -0500
Received: by iafj26 with SMTP id j26so36008126iaf.29
        for <internals@lists.php.net>; Wed, 04 Jan 2012 13:48:19 -0800 (PST)
Received: by 10.50.108.140 with SMTP id hk12mr70014597igb.18.1325713699262;
        Wed, 04 Jan 2012 13:48:19 -0800 (PST)
Received: from [192.168.200.5] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225])
        by mx.google.com with ESMTPS id z22sm193607024ibg.5.2012.01.04.13.48.17
        (version=SSLv3 cipher=OTHER);
        Wed, 04 Jan 2012 13:48:18 -0800 (PST)
Message-ID: <4F04C920.9050105@lerdorf.com>
Date: Wed, 04 Jan 2012 13:48:16 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0
MIME-Version: 1.0
To: Stas Malyshev <smalyshev@sugarcrm.com>
CC: Ferenc Kovacs <tyra3l@gmail.com>, 
 Reindl Harald <h.reindl@thelounge.net>,
 "internals@lists.php.net" <internals@lists.php.net>
References: <CABBJUpc7T2QZm8QiitQ0wZ5RsY=3Jwy_UERSvLT9unNYtJ1mZA@mail.gmail.com> <CABBJUpcVkYwU4zN0dG2b+jYkppnY9HR8wm7FV0tnmGt6ky5wQg@mail.gmail.com> <CABBJUpeN4iJ6mVUKEEz8qxY25zxTmwg8EigpsmxnZGz5xshMhw@mail.gmail.com> <4F048A03.4070408@sugarcrm.com> <CAH-PCH69gV88qnQ7OHhGHSt70oD7f9Z_HCFD7dfW6SmBR6z2tQ@mail.gmail.com> <4F04A172.7080509@sugarcrm.com> <CAH-PCH5BUsrXKLtk6JWCOA8d5+2DxSke3UAnbBraJyGP-YnQnA@mail.gmail.com> <4F04AA8E.6020701@sugarcrm.com> <CAH-PCH6YH3ZxH5XzEm6+gsikaHjyL-pdHyAs=OnFhWqHk0CctQ@mail.gmail.com> <4F04AD6D.80608@php.net> <CAF+90c-6XrWJnL4vOQjjPm=N=fWrMy31wHOeXGccv+KRq5DrVw@mail.gmail.com> <4F04B071.8080102@php.net> <CAKxcST9NhATxVLrOVP9h2Qy9GfuuzreeVMBtH0EqdZf7jPhytg@mail.gmail.com> <4F04B44D.6080208@thelounge.net> <4F04BCF9.30802@lerdorf.com> <CAH-PCH5NLbDH9K3abJ70Z0AMjfwRNcjk5xE6aSs4cvpBR2_k5Q@mail.gmail.com> <4F04BF63.5060309@lerdorf.com> <4F04C427.9050202@sugarcrm.com>
In-Reply-To: <4F04C427.9050202@sugarcrm.com>
X-Enigmail-Version: 1.4a1pre
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: another fix for max_input_vars.
From: rasmus@lerdorf.com (Rasmus Lerdorf)

On 01/04/2012 01:27 PM, Stas Malyshev wrote:
> Hi!
> 
>> Right, like I said in my previous message, if this is caught by
>> display_start_errors, I am ok with it. We need the default/no php.ini
>> file case to not leak information like this.
> 
> Just checked - it does not display error if display_startup_errors if
> off, does display if it's on.

Right, that seems ok. The other thing is that we need to clarify that it
actually only limits the number of variables per nesting level. The
current name and the description doesn't make that clear. You can still
send 1M post vars in a single POST if you just nest them in a 1000x1000
2d array. Of course, this is likely going to hit the post_max_size
limit, although many sites that do file uploads will have cranked that
way up.

-Rasmus