php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #60728 max_input_vars doesn't limiting multi-dimensional arrays
Submitted: 2012-01-12 14:14 UTC Modified: 2012-01-21 23:09 UTC
From: sv3tli0 at bgspot dot eu Assigned: frozenfire (profile)
Status: Closed Package: Variables related
PHP Version: 5.3.9 OS: Any
Private report: No CVE-ID: None
 [2012-01-12 14:14 UTC] sv3tli0 at bgspot dot eu
Description:
------------
The max_input_vars doesn't limiting multi-dimensional arrays!
If user post var[] the uploaded array wont be limitted.


Test script:
---------------
<form action="" method="post">
<?php
$max_input_vars = ini_get('max_input_vars');
for ($i=0; $i < $max_input_vars + 5; $i++) {
	echo "<input type='hidden' name='a[]' value='$i'>\n";
}
var_dump($max_input_vars);
var_dump(count($_POST));
?>
<input type="submit">
</form>

Expected result:
----------------
string(4) "1000"
int(1000)

Actual result:
--------------
string(4) "1000"
int(1005)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-12 14:16 UTC] sv3tli0 at bgspot dot eu
I have one miss at the test code! 
var_dump(count($_POST));
must be :
var_dump(count($_POST[a]));
 [2012-01-12 17:34 UTC] rasmus@php.net
The limit is per-nesting level actually because it is protecting against a hash-
collision DoS attack and only elements at the same nesting level can collide. So 
the code is fine, the documentation needs to be clearer.
 [2012-01-12 17:34 UTC] rasmus@php.net
-Type: Security +Type: Documentation Problem
 [2012-01-21 23:09 UTC] frozenfire@php.net
Automatic comment from SVN on behalf of frozenfire
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=322553
Log: Rewrote max_input_vars directive description for clarity, and indicated that this limit applies only to each nesting level of a multidimensional input array. Closes bug #60728.
 [2012-01-21 23:09 UTC] frozenfire@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-01-21 23:09 UTC] frozenfire@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: frozenfire
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Dec 13 05:01:26 2019 UTC