diff options
| author | Dmitry Stogov <dmitry@php.net> | 2011-12-15 10:31:02 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2011-12-15 10:31:02 +0000 |
| commit | e467a791d3111438ea1160c22b986d24bd09450e (patch) | |
| tree | bd61ecf725e4b574085f1f09d67c84958709fc7d | |
| parent | 4dfd69e84ba45c5c8ac2bdfb324100359efacb8d (diff) | |
| download | php-git-e467a791d3111438ea1160c22b986d24bd09450e.tar.gz | |
Added max_input_vars directive to prevent attacks based on hash collisions
| -rwxr-xr-x | UPGRADING | 4 | ||||
| -rw-r--r-- | php.ini-development | 3 | ||||
| -rw-r--r-- | php.ini-production | 3 |
3 files changed, 10 insertions, 0 deletions
@@ -75,6 +75,10 @@ UPGRADE NOTES - PHP 5.4 - safe_mode_protected_env_vars - zend.ze1_compatibility_mode +- the following new directives were added + + - max_input_vars - specifies how many GET/POST/COOKIE input variables may be + accepted. default value 1000. ============================= 2. Reserved words and classes diff --git a/php.ini-development b/php.ini-development index e970570460..e6a0f6dcc1 100644 --- a/php.ini-development +++ b/php.ini-development @@ -397,6 +397,9 @@ max_input_time = 60 ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit memory_limit = 128M diff --git a/php.ini-production b/php.ini-production index 11cb31c437..5a1052fcfe 100644 --- a/php.ini-production +++ b/php.ini-production @@ -397,6 +397,9 @@ max_input_time = 60 ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit memory_limit = 128M |