On Wed, Jan 4, 2012 at 12:52 PM, Laruence <larue...@php.net> wrote: > On Wed, Jan 4, 2012 at 7:34 PM, Laruence <larue...@php.net> wrote: > > Hi: > > I have updated the patch, make it works in case of sub arrays. > > > > http://pastebin.com/yPTUZuNe > > this patch only restrict the post variables number, since GET and > Cookie all have their length limit. > > and it's also easy to restrict the get or request too(add the samilar > logic in php_default_treat_data), I just think that is no-needed :) > > thanks >
I don't think adding one more .ini option is a good idea. That will lead to people confused, and regarding security parameters, that is never a good idea. For example, people would ask what is the difference between max_input_vars and max_post_vars ? Julien.Pauli > > > > thanks > > > > On Wed, Jan 4, 2012 at 5:59 PM, Laruence <larue...@php.net> wrote: > >> On Wed, Jan 4, 2012 at 2:59 PM, Laruence <larue...@php.net> wrote: > >>> Hi dmitry: > >>> > >>> it seems you have fix the issue that error in register_variable > >>> will cause php process exit. > >>> > >>> here is a fix I made before: http://pastebin.com/7BLAVaWr , I > >>> think maybe this is a lighter fix. > >>> > >>> could you review this? if you think this is okey, I will commit > it. > >> Hmm, after a deep thought, this patch will not work in case of sub > >> arrays in POST .. > >> > >> thanks > >>> > >>> thanks very much. > >>> > >>> -- > >>> Laruence Xinchen Hui > >>> http://www.laruence.com/ > >> > >> > >> > >> -- > >> Laruence Xinchen Hui > >> http://www.laruence.com/ > > > > > > > > -- > > Laruence Xinchen Hui > > http://www.laruence.com/ > > > > -- > Laruence Xinchen Hui > http://www.laruence.com/ > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > >
