Newsgroups: php.internals
Date: Thu, 5 Jan 2012 15:09:14 +0800
Subject: Re: [PHP-DEV] Re: another fix for max_input_vars.
From: laruence@php.net (Laruence)
To: Stas Malyshev
Cc: Rasmus Lerdorf, Ferenc Kovacs, Reindl Harald, "internals@lists.php.net"

On Thu, Jan 5, 2012 at 3:01 PM, Stas Malyshev wrote:
> Hi!
>
>> and different with the fix which was committed now, this patch counts
>> the num vars in a global scope, that means if there are 2 elements
>> which both have 500 elements in post, the restriction will also
>> affect,
>
> Why? The point of the limitation is to avoid hash collisions and related
> performance problems, but if they are in different elements, what is the
> point of limiting them?
>

Hi,

This patch aims at a quicker/simpler fix than before, which is why I proposed this patch.

Actually, there might be no attack even if an array has more than 1000 elements. I mean, this is a simple/quick fix but works the same.

thanks

>
> --
> Stanislav Malyshev, Software Architect
> SugarCRM: http://www.sugarcrm.com/
> (408)454-6900 ext. 227

-- 
Laruence  Xinchen Hui
http://www.laruence.com/
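
The two counting scopes discussed in this message, as an added illustration that is not code from the thread or from PHP: a simplified Python model that counts request variables either globally or per array. The function names, the limit of 1000 used in the run, and the sample bodies are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

def parse_key(key):
    """Split a PHP-style name such as 'a[x][]' into ['a', 'x', '']."""
    base, _, rest = key.partition("[")
    return [base] + re.findall(r"\[([^\]]*)\]", "[" + rest) if rest else [base]

def accepted(body, limit, scope):
    """Model of an input-variable limit (simplified, not PHP's parser).

    scope="global": one counter shared by every element in the request.
    scope="per_array": each array (hash table) is limited on its own.
    """
    root, total = {}, 0
    for key, value in parse_qsl(body, keep_blank_values=True):
        node, parts = root, parse_key(key)
        for depth, part in enumerate(parts):
            if part == "":                      # 'a[]': append (simplified index)
                part = str(len(node))
            if part not in node:
                total += 1
                size = total if scope == "global" else len(node) + 1
                if size > limit:
                    return False                # request rejected
                node[part] = {}
            if depth == len(parts) - 1:
                node[part] = value
            else:
                if not isinstance(node[part], dict):
                    node[part] = {}             # scalar replaced by array
                node = node[part]
    return True

# Constructed sample bodies (not taken from the thread).
TWO_ARRAYS = "&".join(f"{n}[{i}]=v" for n in "ab" for i in range(600))
ONE_ARRAY = "&".join(f"a[{i}]=v" for i in range(1001))

if __name__ == "__main__":
    for name, body in (("two arrays of 600", TWO_ARRAYS), ("one array of 1001", ONE_ARRAY)):
        for scope in ("per_array", "global"):
            print(name, scope, accepted(body, 1000, scope))
```

In this model, a single oversized array is rejected under both scopes, while two moderately sized arrays are rejected only by the global counter, which is the behaviour the reply above questions.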