Re: Let parse_str() parse more than max_input_vars args
On 03/14/2012 07:34 PM, Tjerk Anne Meesters wrote:
> On Thu, Mar 15, 2012 at 7:38 AM, Rasmus Lerdorf <[email protected]> wrote:
>>
>> Yes, it would need a zend_alter_ini_entry_ex() call there. The patch
>> wasn't complete, just a quick hack. But it would still have an
>> out-of-context error message when you exceed it. At least with a
>> userspace ini_set() the error would make sense.
>>
>
> As mentioned on IRC, a function signature of "array
> parse_urlencoded(string $s)" would be useful too; the separated logic
> would allow for avoiding max_input_vars altogether and not having to
> worry about parameter name mangling (variable name rules). The nasty
> part is that much of the treat_data code would have to be duplicated
> (I think).
>
> Besides that, applying the hash randomisation patch to only userland
> arrays would make the max_input_vars less critical and at the same
> time avoid breaking opcode caches and other low-level dependencies.
Sure, but this is a longer-term fix. Right now I am more concerned about
the fact that we broke code that worked fine in PHP 5.3.8 without any
way to make it work safely.
-Rasmus
Thread (20 messages)