Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:58949 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 36741 invoked from network); 15 Mar 2012 04:06:09 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Mar 2012 04:06:09 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.213.170 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com Received: from [209.85.213.170] ([209.85.213.170:47467] helo=mail-yx0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 87/00-36324-FAA616F4 for ; Wed, 14 Mar 2012 23:06:08 -0500 Received: by yenl5 with SMTP id l5so3052933yen.29 for ; Wed, 14 Mar 2012 21:06:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=EjRQAelrGlVBO7aREo4w7pTD1QjCMZddSFVQu3SVBKs=; b=jP7fKx1YFkAkzUfdoLTyUh46fOc3rUXclWlizcOlyRmIfJ6b+KGpY45TSWhUKDwEcE g/BxWgmh1HA9YZGO//czDJ1wVF3lns0ximxt0iAAgb1N66eO2o1MX7EFAyP5Xf1NkVb6 pqy9211E1rwpgp4ZmZn8/i8bJ4GVnbuyrwEbAujWNdlIkbJ9ZcFtQqMgiL/4GrvKL1ft erZzUxtyhbDi8y2434mLAtioT57mpWWzF9Vu4M7geAcIXwDuxugCWakRmmaR0F9R8N/m w3/QLZNAyfdoWb2AyNghNvn2AifcOhkgSYCeF7/KD19G4yoxZIzJAWgB58vYDEzkg1rv cgEg== Received: by 10.229.75.142 with SMTP id y14mr1740682qcj.144.1331784363997; Wed, 14 Mar 2012 21:06:03 -0700 (PDT) Received: from [192.168.200.5] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225]) by mx.google.com with ESMTPS id cw5sm2123555qab.20.2012.03.14.21.06.01 (version=SSLv3 cipher=OTHER); Wed, 14 Mar 2012 21:06:03 -0700 (PDT) Message-ID: <4F616AA8.9020503@lerdorf.com> Date: Wed, 14 Mar 2012 21:06:00 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: Tjerk Anne Meesters CC: PHP internals References: <4F60F4B1.5010407@lerdorf.com> <4F612BF6.3070301@lerdorf.com> In-Reply-To: X-Enigmail-Version: 1.3.5 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQnkKeNhNc1sNmpAhxtxNBIRWW2eaCWeuf/IS1rgOe6eUnFEBxhedQgb+NPEwWFX5gQwDrNA Subject: Re: [PHP-DEV] Let parse_str() parse more than max_input_vars args From: rasmus@lerdorf.com (Rasmus Lerdorf) On 03/14/2012 07:34 PM, Tjerk Anne Meesters wrote: > On Thu, Mar 15, 2012 at 7:38 AM, Rasmus Lerdorf wrote: >> >> Yes, it would need a zend_alter_ini_entry_ex() call there. The patch >> wasn't complete, just a quick hack. But it would still have an >> out-of-context error message when you exceed it. At least with a >> userspace ini_set() the error would make sense. >> > > As mentioned on IRC, a function signature of "array > parse_urlencoded(string $s)" would be useful too; the separated logic > would allow for avoiding max_input_vars altogether and not having to > worry about parameter name mangling (variable name rules). The nasty > part is that much of the treat_data code would have to be duplicated > (I think). > > Besides that, applying the hash randomisation patch to only userland > arrays would make the max_input_vars less critical and at the same > time avoid breaking opcode caches and other low-level dependencies. Sure, but this is a longer-term fix. Right now I am more concerned about the fact that we broke code that worked fine in PHP 5.3.8 without any way to make it work safely. -Rasmus