dmitry Thu, 15 Dec 2011 10:31:02 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=321040
Log:
Added max_input_vars directive to prevent attacks based on hash collisions
Changed paths:
U php/php-src/branches/PHP_5_3/UPGRADING
U php/php-src/branches/PHP_5_3/php.ini-development
U php/php-src/branches/PHP_5_3/php.ini-production
U php/php-src/branches/PHP_5_4/UPGRADING
U php/php-src/branches/PHP_5_4/php.ini-development
U php/php-src/branches/PHP_5_4/php.ini-production
U php/php-src/trunk/UPGRADING
U php/php-src/trunk/php.ini-development
U php/php-src/trunk/php.ini-production
Modified: php/php-src/branches/PHP_5_3/UPGRADING
===================================================================
--- php/php-src/branches/PHP_5_3/UPGRADING 2011-12-15 09:16:31 UTC (rev
321039)
+++ php/php-src/branches/PHP_5_3/UPGRADING 2011-12-15 10:31:02 UTC (rev
321040)
@@ -163,6 +163,11 @@
xsl.security_prefs. This option will be marked as deprecated in 5.4 again.
Use the method XsltProcess::setSecurityPrefs($options) there.
+- the following new directives were added
+
+ - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+ accepted. default value 1000.
+
=============
5. Deprecated
=============
Modified: php/php-src/branches/PHP_5_3/php.ini-development
===================================================================
--- php/php-src/branches/PHP_5_3/php.ini-development 2011-12-15 09:16:31 UTC
(rev 321039)
+++ php/php-src/branches/PHP_5_3/php.ini-development 2011-12-15 10:31:02 UTC
(rev 321040)
@@ -457,6 +457,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
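Review bot: The new comment above `; max_input_vars = 1000` does not tell an operator why the limit exists or what happens when a request exceeds it, and unlike the neighbouring `max_input_nesting_level` and `memory_limit` entries it carries no manual link in the `; http://php.net/...` form. I would expand it to something like `; Maximum number of GET/POST/COOKIE input variables accepted; limits hash-collision denial of service` and add a line stating how excess variables are handled and whether the count is per source or per request, since neither is visible in this change. The commented-out line is also written with a space after the semicolon, whereas the file's convention just above is `;max_input_nesting_level = 64`, so `;max_input_vars = 1000` would match. It may also be worth noting in the comment that the directive covers request parsing only, so application code that builds arrays from other untrusted input is presumably not protected by it. The same applies to the identical hunks in PHP_5_3/php.ini-production and in both php.ini files under PHP_5_4 and trunk.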
Modified: php/php-src/branches/PHP_5_3/php.ini-production
===================================================================
--- php/php-src/branches/PHP_5_3/php.ini-production 2011-12-15 09:16:31 UTC
(rev 321039)
+++ php/php-src/branches/PHP_5_3/php.ini-production 2011-12-15 10:31:02 UTC
(rev 321040)
@@ -457,6 +457,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
Modified: php/php-src/branches/PHP_5_4/UPGRADING
===================================================================
--- php/php-src/branches/PHP_5_4/UPGRADING 2011-12-15 09:16:31 UTC (rev
321039)
+++ php/php-src/branches/PHP_5_4/UPGRADING 2011-12-15 10:31:02 UTC (rev
321040)
@@ -75,7 +75,11 @@
- safe_mode_protected_env_vars
- zend.ze1_compatibility_mode
+- the following new directives were added
+ - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+ accepted. default value 1000.
+
=============================
2. Reserved words and classes
=============================
Modified: php/php-src/branches/PHP_5_4/php.ini-development
===================================================================
--- php/php-src/branches/PHP_5_4/php.ini-development 2011-12-15 09:16:31 UTC
(rev 321039)
+++ php/php-src/branches/PHP_5_4/php.ini-development 2011-12-15 10:31:02 UTC
(rev 321040)
@@ -397,6 +397,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
Modified: php/php-src/branches/PHP_5_4/php.ini-production
===================================================================
--- php/php-src/branches/PHP_5_4/php.ini-production 2011-12-15 09:16:31 UTC
(rev 321039)
+++ php/php-src/branches/PHP_5_4/php.ini-production 2011-12-15 10:31:02 UTC
(rev 321040)
@@ -397,6 +397,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
Modified: php/php-src/trunk/UPGRADING
===================================================================
--- php/php-src/trunk/UPGRADING 2011-12-15 09:16:31 UTC (rev 321039)
+++ php/php-src/trunk/UPGRADING 2011-12-15 10:31:02 UTC (rev 321040)
@@ -82,6 +82,11 @@
- safe_mode_protected_env_vars
- zend.ze1_compatibility_mode
+- the following new directives were added
+
+ - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+ accepted. default value 1000.
+
=============================
2. Reserved words and classes
=============================
Modified: php/php-src/trunk/php.ini-development
===================================================================
--- php/php-src/trunk/php.ini-development 2011-12-15 09:16:31 UTC (rev
321039)
+++ php/php-src/trunk/php.ini-development 2011-12-15 10:31:02 UTC (rev
321040)
@@ -397,6 +397,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
Modified: php/php-src/trunk/php.ini-production
===================================================================
--- php/php-src/trunk/php.ini-production 2011-12-15 09:16:31 UTC (rev
321039)
+++ php/php-src/trunk/php.ini-production 2011-12-15 10:31:02 UTC (rev
321040)
@@ -397,6 +397,9 @@
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M