Edit report at https://bugs.php.net/bug.php?id=60707&edit=1
ID: 60707
Comment by: larue...@php.net
Reported by: vr...@php.net
Summary: max_input_vars allows one extra var
Status: Open
Type: Bug
Package: Variables related
Operating System: Irrelevant
PHP Version: 5.3.9
Block user comment: N
Private report: N
New Comment:
max_input_vars is used to protected from ddos attack, IMO it's not a big deal :)
Previous Comments:
------------------------------------------------------------------------
[2012-01-11 05:15:12] vr...@php.net
Description:
------------
Setting max_input_vars to N allows N+1 variables.
Test script:
---------------
<form action="" method="post">
<?php
$max_input_vars = ini_get('max_input_vars');
for ($i=0; $i < $max_input_vars + 2; $i++) {
echo "<input type='hidden' name='a$i' value='$i'>\n";
}
var_dump($max_input_vars);
var_dump(count($_POST));
?>
<input type="submit">
</form>
Expected result:
----------------
string(4) "1000"
int(1000)
Actual result:
--------------
string(4) "1000"
int(1001)
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60707&edit=1
