Added max_input_vars directive to prevent attacks based on hash collisions

author: Dmitry Stogov <dmitry@php.net> 2011-12-15 10:31:02 +0000
committer: Dmitry Stogov <dmitry@php.net> 2011-12-15 10:31:02 +0000
commit: b8a08bf263d03c26da5f475f96a1d66eb566d874 (patch)
tree: 5989160169fda6ed8f9b052e55aa29182313a529 /UPGRADING
parent: 0d1998e34ff487aab6451963d60697dd5b5b0115 (diff)
download: php-git-b8a08bf263d03c26da5f475f96a1d66eb566d874.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index 1b6c3cc33b..fce04afa49 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -163,6 +163,11 @@ UPGRADE NOTES - PHP 5.3
   xsl.security_prefs. This option will be marked as deprecated in 5.4 again. 
   Use the method XsltProcess::setSecurityPrefs($options) there.
 
+- the following new directives were added
+
+  - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+    accepted. default value 1000. 
+
 =============
 5. Deprecated
 =============
author	Dmitry Stogov <dmitry@php.net>	2011-12-15 10:31:02 +0000
committer	Dmitry Stogov <dmitry@php.net>	2011-12-15 10:31:02 +0000
commit	b8a08bf263d03c26da5f475f96a1d66eb566d874 (patch)
tree	5989160169fda6ed8f9b052e55aa29182313a529 /UPGRADING
parent	0d1998e34ff487aab6451963d60697dd5b5b0115 (diff)
download	php-git-b8a08bf263d03c26da5f475f96a1d66eb566d874.tar.gz