Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:58948 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 31232 invoked from network); 15 Mar 2012 02:34:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Mar 2012 02:34:18 -0000 Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.42 as permitted sender) X-PHP-List-Original-Sender: tjerk.meesters@gmail.com X-Host-Fingerprint: 209.85.213.42 mail-yw0-f42.google.com Received: from [209.85.213.42] ([209.85.213.42:64164] helo=mail-yw0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 3C/05-32926-925516F4 for ; Wed, 14 Mar 2012 21:34:18 -0500 Received: by yhfq11 with SMTP id q11so3087079yhf.29 for ; Wed, 14 Mar 2012 19:34:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=ZY/3IMfwutgi4sDkjvPPJlZ9d69kUGEuDfa3/VXUeoo=; b=0m7z6gh3F6ER+0VddvDEzba9+s5KWScKaclm0cFDcQ2AFKrLcpJUf8Gxh02yp5txdp Zmsfp9SoDFxctnvKza24vpbmlHs5+eXCRh+Rx8C9XiKzv/qzw7PC6wsBbcvHKxlSw+Up 7MazF3aaOHEdsearCz8lir2kwpbeF5vgol2hAVzOROE1l4MT/5Zpz/ZH1SY18Yd9v/0Q zwaw7Ee37RSlBCWZFWBSlccf2cYQJXi6gGfN2dMrxGnmH2A/Zcqrgdsl9n/6Z5PZ3SYs vyOofmX6GKebJePb3KO0CQ5ULs1/ehb4GCd9kMsFfGuCL0vAqaNX53Wb6QStT5XQ+jpE bG9w== MIME-Version: 1.0 Received: by 10.236.154.168 with SMTP id h28mr5884099yhk.59.1331778855319; Wed, 14 Mar 2012 19:34:15 -0700 (PDT) Sender: tjerk.meesters@gmail.com Received: by 10.147.146.6 with HTTP; Wed, 14 Mar 2012 19:34:15 -0700 (PDT) In-Reply-To: <4F612BF6.3070301@lerdorf.com> References: <4F60F4B1.5010407@lerdorf.com> <4F612BF6.3070301@lerdorf.com> Date: Thu, 15 Mar 2012 10:34:15 +0800 X-Google-Sender-Auth: PCjM6VxrFnHfqw5DjREXPGg5mQo Message-ID: To: Rasmus Lerdorf Cc: Ilia Alshanetsky , PHP internals Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [PHP-DEV] Let parse_str() parse more than max_input_vars args From: datibbaw@php.net (Tjerk Anne Meesters) On Thu, Mar 15, 2012 at 7:38 AM, Rasmus Lerdorf wrote: > > Yes, it would need a zend_alter_ini_entry_ex() call there. The patch > wasn't complete, just a quick hack. But it would still have an > out-of-context error message when you exceed it. At least with a > userspace ini_set() the error would make sense. > As mentioned on IRC, a function signature of "array parse_urlencoded(string $s)" would be useful too; the separated logic would allow for avoiding max_input_vars altogether and not having to worry about parameter name mangling (variable name rules). The nasty part is that much of the treat_data code would have to be duplicated (I think). Besides that, applying the hash randomisation patch to only userland arrays would make the max_input_vars less critical and at the same time avoid breaking opcode caches and other low-level dependencies.