Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:58939
Return-Path: <ircmaxell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 5420 invoked from network); 14 Mar 2012 21:46:41 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Mar 2012 21:46:41 -0000
Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender)
X-PHP-List-Original-Sender: ircmaxell@gmail.com
X-Host-Fingerprint: 209.85.161.170 mail-gx0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:51709] helo=mail-gx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3A/11-32926-1C1116F4 for <internals@lists.php.net>; Wed, 14 Mar 2012 16:46:41 -0500
Received: by ggmb2 with SMTP id b2so2720053ggm.29
        for <internals@lists.php.net>; Wed, 14 Mar 2012 14:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=ZOygc79G1Ny0PTfUFgG0XUyEODyCCIQMC07cYFziM8s=;
        b=O2GBf2q3SSUq+6aHbnUbIECAaM0ryM1JR8Qv6vBqrbtZyva5NqVzoWyG2nAL6nLvSG
         zsESX2412cX+nDHBWYPdnv8U8KFISPEHIrS5ovKNKnyS7y88Awy+jhHKTobM0texVy5u
         qnQ8LoZglCdgnF658sM246a1Y/9zqUi4VorB675R0GHU5IoYY3ogX7ZEcrTapLl8Hndb
         Yy7ND8XScYxJNjz9XAnr9fPZGlLcrNg3tor4/ihm3ymHl8Lp14lBJLjJZOVnWDLyYUtL
         gneLVY2dUmYl+lGRgIOFAWB3AZm10ct90yjZwtuSKuad7s/n3zo3MLtBwh4MGxb6Tfks
         OsIA==
MIME-Version: 1.0
Received: by 10.224.181.197 with SMTP id bz5mr4988550qab.64.1331761598393;
 Wed, 14 Mar 2012 14:46:38 -0700 (PDT)
Received: by 10.229.49.74 with HTTP; Wed, 14 Mar 2012 14:46:38 -0700 (PDT)
In-Reply-To: <4F610FB9.1060309@lerdorf.com>
References: <4F60F4B1.5010407@lerdorf.com>
	<CAEZPtU6TBV_WrZ_OBY_3EiGO+G5gYQWYDDuKOOfxF3-gO2X-JQ@mail.gmail.com>
	<4F610FB9.1060309@lerdorf.com>
Date: Wed, 14 Mar 2012 17:46:38 -0400
Message-ID: <CAAyV7nH-mTDBWSLF=ykGEYWEDTy2hrmLWjG1jEsYUx95sPXTcQ@mail.gmail.com>
To: Rasmus Lerdorf <rasmus@lerdorf.com>
Cc: Pierre Joye <pierre.php@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Let parse_str() parse more than max_input_vars args
From: ircmaxell@gmail.com (Anthony Ferrara)

> But Pierre, you understand that by the time you ini_set() it in the code
> it can only ever affect parse_str() calls.

Well, wouldn't INI_ALL would allow .htaccess files to override that
statement, and hence open the vulnerability?

Anthony