Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:58950
Return-Path: <tjerk.meesters@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 38618 invoked from network); 15 Mar 2012 04:25:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Mar 2012 04:25:43 -0000
Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: tjerk.meesters@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:50547] helo=mail-yx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 20/60-36324-74F616F4 for <internals@lists.php.net>; Wed, 14 Mar 2012 23:25:43 -0500
Received: by yenl5 with SMTP id l5so3064475yen.29
        for <internals@lists.php.net>; Wed, 14 Mar 2012 21:25:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:cc:content-type;
        bh=ZnmuqwVhjYqgKE1JRUN0MrEduNznDzP6nkdHu1Fuz8Y=;
        b=kdRAVC9Hkf1nlJrP1VSXLDc8uu62uaIndGfdq0Ehj1DGDq/zyaF6/fzuKqCRLAMGDy
         BodnyH5GO9V16GNtbrV8sf7KmNhaVnvzEsMSZ39yCwbvKFlKX9gQUIyD9FiXGt6dCk9V
         dE04feGPIjPYXODVLwccjLPDGfISowv4q3yRpHbmULqUWP0gPiyLu+2ItZ97j3v0kZ8f
         JKcY5yNsDxyaNM9QeymgFBdpxw+z89tBVG4NLAjBJqQ0VICQwJApvR68odohSf3mN7Wm
         aMJTsVhtShqSCMY1alNjnP62iDRokAAW57M1olwxF4a9sj2ZzAbgEtfw2Es9sbASxykE
         k6NA==
MIME-Version: 1.0
Received: by 10.236.80.105 with SMTP id j69mr6232907yhe.93.1331785540777; Wed,
 14 Mar 2012 21:25:40 -0700 (PDT)
Sender: tjerk.meesters@gmail.com
Received: by 10.147.146.6 with HTTP; Wed, 14 Mar 2012 21:25:40 -0700 (PDT)
In-Reply-To: <4F616AA8.9020503@lerdorf.com>
References: <4F60F4B1.5010407@lerdorf.com>
	<CAJy+15xdm9SxZBaPqnRb4ushqEuF35Xn-k21jj=FE_i1Ej6w9Q@mail.gmail.com>
	<4F612BF6.3070301@lerdorf.com>
	<CAHMUw2FHyMLHCKgtNLrJfRzSBUEiFQbTER-G-_q_4vph8Xy7Xg@mail.gmail.com>
	<4F616AA8.9020503@lerdorf.com>
Date: Thu, 15 Mar 2012 12:25:40 +0800
X-Google-Sender-Auth: KJkqDdWzZhE4r8-Nip3GLVpEcxw
Message-ID: <CAHMUw2EVi6dwimrUaZ08q=VkwJcATtr+BbtGoeJ6wOzxRjWhBg@mail.gmail.com>
To: Rasmus Lerdorf <rasmus@lerdorf.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Let parse_str() parse more than max_input_vars args
From: datibbaw@php.net (Tjerk Anne Meesters)

>> As mentioned on IRC, a function signature of "array
>> parse_urlencoded(string $s)" would be useful too; the separated logic
>> would allow for avoiding max_input_vars altogether and not having to
>> worry about parameter name mangling (variable name rules). The nasty
>> part is that much of the treat_data code would have to be duplicated
>> (I think).
>>
>> Besides that, applying the hash randomisation patch to only userland
>> arrays would make the max_input_vars less critical and at the same
>> time avoid breaking opcode caches and other low-level dependencies.
>
> Sure, but this is a longer-term fix. Right now I am more concerned about
> the fact that we broke code that worked fine in PHP 5.3.8 without any
> way to make it work safely.

I guess this looks acceptable then:

ini_set('max_input_vars', 5000);
parse_str($s, $arr);
ini_restore('max_input_vars');

Although, arguably the last statement would not be needed, since all
input has already been processed ;-)