Added max_input_vars directive to prevent attacks based on hash collisions

author: Dmitry Stogov <dmitry@php.net> 2011-12-15 08:47:03 +0000
committer: Dmitry Stogov <dmitry@php.net> 2011-12-15 08:47:03 +0000
commit: 0d1998e34ff487aab6451963d60697dd5b5b0115 (patch)
tree: f6c64cf09aab3002ade5f0d48b7780fc98553e64 /main/main.c
parent: 2f0d084ab8228e1e5704a3fb66fb1c9cd6bd411e (diff)
download: php-git-0d1998e34ff487aab6451963d60697dd5b5b0115.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/main/main.c b/main/main.c
index 8e52412cdd..c512f2652d 100644
--- a/main/main.c
+++ b/main/main.c
@@ -512,6 +512,7 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("post_max_size",			"8M",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLong,			post_max_size,			sapi_globals_struct,sapi_globals)
 	STD_PHP_INI_ENTRY("upload_tmp_dir",			NULL,		PHP_INI_SYSTEM,		OnUpdateStringUnempty,	upload_tmp_dir,			php_core_globals,	core_globals)
 	STD_PHP_INI_ENTRY("max_input_nesting_level", "64",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_nesting_level,			php_core_globals,	core_globals)
+	STD_PHP_INI_ENTRY("max_input_vars",			"1000",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_vars,						php_core_globals,	core_globals)
 
 	STD_PHP_INI_ENTRY("user_dir",				NULL,		PHP_INI_SYSTEM,		OnUpdateString,			user_dir,				php_core_globals,	core_globals)
 	STD_PHP_INI_ENTRY("variables_order",		"EGPCS",	PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateStringUnempty,	variables_order,		php_core_globals,	core_globals)
author	Dmitry Stogov <dmitry@php.net>	2011-12-15 08:47:03 +0000
committer	Dmitry Stogov <dmitry@php.net>	2011-12-15 08:47:03 +0000
commit	0d1998e34ff487aab6451963d60697dd5b5b0115 (patch)
tree	f6c64cf09aab3002ade5f0d48b7780fc98553e64 /main/main.c
parent	2f0d084ab8228e1e5704a3fb66fb1c9cd6bd411e (diff)
download	php-git-0d1998e34ff487aab6451963d60697dd5b5b0115.tar.gz