|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53180 post_max_size=0 partly not working
Submitted: 2010-10-27 11:25 UTC Modified: 2010-10-27 16:57 UTC
From: gm at tlink dot de Assigned: cataphract
Status: Closed Package: PHP options/info functions
PHP Version: 5.3.3 OS: FreeBSD 8.1-RELEASE
Private report: No CVE-ID:
 [2010-10-27 11:25 UTC] gm at tlink dot de
Setting php.ini option post_max_size=0 (for unlimited POSTs since 5.3.2) isn't honoured in some cases. Doing a POST-form upload via curl or browser with a 5GB file works as expected (by setting upload_max_filesize=0 too) but using a login form (see below) results in this error:

PHP Warning: Unknown: POST Content-Length of 38 bytes exceeds the limit of 0 bytes in Unknown on line 0

It seems that main/SAPI.c lacks checks in SAPI_POST_READER_FUNC() for ignoring size checking in case post_max_size==0. This check was implemented in main/rfc1867.c only.

from: if (SG(request_info).content_length > S (post_max_size))
to: if (SG(post_max_size) > 0 && SG(request_info).content_length > S (post_max_size))


from: if (SG(read_post_bytes) > SG(post_max_size))
to: if (SG(post_max_size) > 0 && SG(read_post_bytes) > SG(post_max_size))

Sorry for not attaching a diff yet.


Test script:

<form enctype="application/x-www-form-urlencoded" accept-charset="UTF-8" action="/login.php" method="post">
    	<input type="text" name="email" value="foo"  />
    	<input type="password" name="password" value="bar"  />
    	<input type="submit" name="submit" value="Log on"  />

pointing to this login.php:

echo "Loginname: ".$_POST['email'] .'<br>';
echo "Password: ".$_POST['password'];

Expected result:
Loginname: foo
Password: bar

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-27 16:07 UTC]
-Assigned To: +Assigned To: cataphract
 [2010-10-27 16:56 UTC]
Automatic comment from SVN on behalf of cataphract
Log: - Fixed bug #53180 (post_max_size=0 not disabling the limit when the content
  type is application/x-www-form-urlencoded or is not registered with PHP).
 [2010-10-27 16:57 UTC]
-Status: Assigned +Status: Closed
 [2010-10-27 16:57 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Tue Oct 13 21:01:29 2015 UTC