php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #65778 wrong information about introduction of max_input_vars directive
Submitted: 2013-09-28 05:42 UTC Modified: 2013-09-28 10:24 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: ubuntu at spacetrace dot org Assigned:
Status: Not a bug Package: Documentation problem
PHP Version: Irrelevant OS: debian
Private report: No CVE-ID: None
View Developer Edit
 [2013-09-28 05:42 UTC] ubuntu at spacetrace dot org 
Description:
------------
---
From manual page: http://www.php.net/info.configuration
---
It sais max_input_vars is available since PHP 5.3.9.
But I run PHP 5.3.3-7+squeeze17 on my debian server which also already has the directive max_input_vars.

I can change the value in php.ini and it is displayed correctry changed in phpinfo().

Please add information about the behaviour with older versions

see http://stackoverflow.com/questions/19042734/is-there-a-limit-like-max-input-vars-in-versions-before-5-3-9

Test script:
---------------
<?php 
if(!empty($_REQUEST)) echo sizeof($_REQUEST)." num request variables";
else {
	?><form method="post"><?
		for($i=0;$i<1100;$i++) echo '<input type="hidden" value="v'.$i.'" name="v'.$i.'">';
		?><input type="submit">
	</form> 
	<?
}

Expected result:
----------------
after hitting the submit button it should say:
"1100 num request variables"

Actual result:
--------------
still "1000 num request variables"
although phpinfo() sais: max_input_vars is set to 100000
see
http://r.z11.de/paste/max_input_vars.php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-28 05:51 UTC] ubuntu at spacetrace dot org 
tested in PHP 5.3.3-7+squeeze17 without suhosin module
 [2013-09-28 07:32 UTC] ubuntu at spacetrace dot org 
although the value somehow exists and works if you select a value below 1000: 

if I change the value for max_input_vars to 900 and run the test script above, I get:

"901 num request variables"
 [2013-09-28 08:46 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 [2013-09-28 08:46 UTC] rasmus@php.net 
That is because your distribution backported it from PHP 5.3.9. We can't 
possibly document every patched PHP out there. We document the versions we made 
the changes in. If you are running a modified version of what we released you 
need to be aware of what modifications have been made yourself.

In your case you should be looking at:

http://ftp-master.metadata.debian.org/changelogs//main/p/php5/php5_5.3.3-
7+squeeze17_changelog
 [2013-09-28 09:44 UTC] ubuntu at spacetrace dot org 
So I would have to commit a bug in the debian bugtracking system?
 [2013-09-28 10:24 UTC] ubuntu at spacetrace dot org 
I committed the bug to debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724817
 [2013-09-28 10:32 UTC] kaplanlior at gmail dot com 
Only if you wish to complain to Debian about backporting security patches for your PHP...
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Apr 03 22:01:31 2025 UTC