Added max_input_vars directive to prevent attacks based on hash collisions

author: Dmitry Stogov <dmitry@php.net> 2011-12-15 10:31:02 +0000
committer: Dmitry Stogov <dmitry@php.net> 2011-12-15 10:31:02 +0000
commit: a099e0d2f6f722e4acfabc51071c8d6587622ecb (patch)
tree: f27334eec594e55ff532a6d25c10bbf38af1e7cb /UPGRADING
parent: e385335db26a59c8c10db5f360f7d580139a72cd (diff)
download: php-git-a099e0d2f6f722e4acfabc51071c8d6587622ecb.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index f4b56b1c2a..f8bfa829e7 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -82,6 +82,11 @@ UPGRADE NOTES - PHP X.Y
   - safe_mode_protected_env_vars
   - zend.ze1_compatibility_mode
 
+- the following new directives were added
+
+  - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+    accepted. default value 1000. 
+
 =============================
 2. Reserved words and classes
 =============================
author	Dmitry Stogov <dmitry@php.net>	2011-12-15 10:31:02 +0000
committer	Dmitry Stogov <dmitry@php.net>	2011-12-15 10:31:02 +0000
commit	a099e0d2f6f722e4acfabc51071c8d6587622ecb (patch)
tree	f27334eec594e55ff532a6d25c10bbf38af1e7cb /UPGRADING
parent	e385335db26a59c8c10db5f360f7d580139a72cd (diff)
download	php-git-a099e0d2f6f722e4acfabc51071c8d6587622ecb.tar.gz