Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57217 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76289 invoked from network); 4 Jan 2012 21:56:36 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Jan 2012 21:56:36 -0000 Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.210.170 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.210.170 mail-iy0-f170.google.com Received: from [209.85.210.170] ([209.85.210.170:45434] helo=mail-iy0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 32/E0-06110-21BC40F4 for ; Wed, 04 Jan 2012 16:56:35 -0500 Received: by iafj26 with SMTP id j26so36017170iaf.29 for ; Wed, 04 Jan 2012 13:56:32 -0800 (PST) Received: by 10.42.131.136 with SMTP id z8mr41672122ics.5.1325714192213; Wed, 04 Jan 2012 13:56:32 -0800 (PST) Received: from [192.168.200.5] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225]) by mx.google.com with ESMTPS id l35sm193709949ibj.0.2012.01.04.13.56.30 (version=SSLv3 cipher=OTHER); Wed, 04 Jan 2012 13:56:31 -0800 (PST) Message-ID: <4F04CB0D.6040703@lerdorf.com> Date: Wed, 04 Jan 2012 13:56:29 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0 MIME-Version: 1.0 To: Stas Malyshev CC: Ferenc Kovacs , Reindl Harald , "internals@lists.php.net" References: <4F048A03.4070408@sugarcrm.com> <4F04A172.7080509@sugarcrm.com> <4F04AA8E.6020701@sugarcrm.com> <4F04AD6D.80608@php.net> <4F04B071.8080102@php.net> <4F04B44D.6080208@thelounge.net> <4F04BCF9.30802@lerdorf.com> <4F04BF63.5060309@lerdorf.com> <4F04C427.9050202@sugarcrm.com> <4F04C920.9050105@lerdorf.com> In-Reply-To: <4F04C920.9050105@lerdorf.com> X-Enigmail-Version: 1.4a1pre Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Re: another fix for max_input_vars. From: rasmus@lerdorf.com (Rasmus Lerdorf) On 01/04/2012 01:48 PM, Rasmus Lerdorf wrote: > On 01/04/2012 01:27 PM, Stas Malyshev wrote: >> Hi! >> >>> Right, like I said in my previous message, if this is caught by >>> display_start_errors, I am ok with it. We need the default/no php.ini >>> file case to not leak information like this. >> >> Just checked - it does not display error if display_startup_errors if >> off, does display if it's on. > > Right, that seems ok. The other thing is that we need to clarify that it > actually only limits the number of variables per nesting level. The > current name and the description doesn't make that clear. You can still > send 1M post vars in a single POST if you just nest them in a 1000x1000 > 2d array. Of course, this is likely going to hit the post_max_size > limit, although many sites that do file uploads will have cranked that > way up. Oh, and a final issue to address. This code: for($data=[],$i=0; $i<=999; $i++) $data[$i] = range(0,1001); echo curl_post("http://localhost/index.php",['a'=>$data]); will spew the warning 2000 times. & php post.php | grep Warning | wc -l 2000 -Rasmus