Re: Let parse_str() parse more than max_input_vars args

From: Rasmus Lerdorf Date: Wed, 14 Mar 2012 22:06:13 +0000

Subject: Re: Let parse_str() parse more than max_input_vars args

References: 1 2 3 4 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

On 03/14/2012 02:46 PM, Anthony Ferrara wrote:
>> But Pierre, you understand that by the time you ini_set() it in the code
>> it can only ever affect parse_str() calls.
> 
> Well, wouldn't INI_ALL would allow .htaccess files to override that
> statement, and hence open the vulnerability?

No because it is already PERDIR.

-Rasmus

Thread (20 messages)

Rasmus LerdorfWed, 14 Mar 2012 19:42:41 +0000
Pierre JoyeWed, 14 Mar 2012 20:32:05 +0000
Rasmus LerdorfWed, 14 Mar 2012 21:38:01 +0000
Anthony FerraraWed, 14 Mar 2012 21:46:38 +0000
Rasmus LerdorfWed, 14 Mar 2012 22:06:13 +0000
Pierre JoyeWed, 14 Mar 2012 22:05:01 +0000
Stas MalyshevWed, 14 Mar 2012 22:11:54 +0000
Rasmus LerdorfWed, 14 Mar 2012 23:04:29 +0000
Ángel GonzálezWed, 14 Mar 2012 22:53:11 +0000
Ilia AlshanetskyWed, 14 Mar 2012 23:27:03 +0000
Rasmus LerdorfWed, 14 Mar 2012 23:38:30 +0000
Tjerk Anne MeestersThu, 15 Mar 2012 02:34:15 +0000
Rasmus LerdorfThu, 15 Mar 2012 04:06:00 +0000
Tjerk Anne MeestersThu, 15 Mar 2012 04:25:40 +0000
Ryan McCueWed, 14 Mar 2012 21:40:21 +0000
Stas MalyshevThu, 15 Mar 2012 06:41:52 +0000
Ryan McCueThu, 15 Mar 2012 10:01:45 +0000
Tjerk Anne MeestersThu, 15 Mar 2012 11:06:34 +0000
Richard LynchThu, 15 Mar 2012 15:07:02 +0000
Rasmus LerdorfThu, 15 Mar 2012 07:00:56 +0000

« previous	php.internals (#58941)	next »

From:	Rasmus Lerdorf	Date:	Wed, 14 Mar 2012 22:06:13 +0000
Subject:	Re: Let parse_str() parse more than max_input_vars args
References:	1 2 3 4	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message