authorDmitry Stogov <dmitry@php.net>2011-12-15 10:31:02 +0000
committerDmitry Stogov <dmitry@php.net>2011-12-15 10:31:02 +0000
commitb8a08bf263d03c26da5f475f96a1d66eb566d874 (patch)
tree5989160169fda6ed8f9b052e55aa29182313a529
parent0d1998e34ff487aab6451963d60697dd5b5b0115 (diff)
downloadphp-git-b8a08bf263d03c26da5f475f96a1d66eb566d874.tar.gz
Added max_input_vars directive to prevent attacks based on hash collisions
-rwxr-xr-xUPGRADING5
-rw-r--r--php.ini-development3
-rw-r--r--php.ini-production3
3 files changed, 11 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index 1b6c3cc33b..fce04afa49 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -163,6 +163,11 @@ UPGRADE NOTES - PHP 5.3
xsl.security_prefs. This option will be marked as deprecated in 5.4 again.
Use the method XsltProcess::setSecurityPrefs($options) there.
+- the following new directives were added
+
+ - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+ accepted. default value 1000.
+
=============
5. Deprecated
=============
diff --git a/php.ini-development b/php.ini-development
index b8aef6a374..48cc89fa05 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -457,6 +457,9 @@ max_input_time = 60
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
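Review bot: The comment added above `max_input_vars` in php.ini-development states only that the directive counts GET/POST/COOKIE variables; it does not say why the limit exists, although the commit title gives the purpose, nor what happens to input beyond the limit. The same two lines are added to php.ini-production, so the point applies there as well. I would word it as `; Limits how many GET/POST/COOKIE input variables are accepted, to mitigate denial of service through hash collisions` and add a documentation link in the form the neighbouring directives use. The commented default is written `; max_input_vars = 1000` while the entry directly above is `;max_input_nesting_level = 64`; using `;max_input_vars = 1000` keeps the file uniform for administrators and tools that uncomment settings by pattern.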
diff --git a/php.ini-production b/php.ini-production
index be3b9708f1..97dbb48580 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -457,6 +457,9 @@ max_input_time = 60
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M