>> As mentioned on IRC, a function signature of "array >> parse_urlencoded(string $s)" would be useful too; the separated logic >> would allow for avoiding max_input_vars altogether and not having to >> worry about parameter name mangling (variable name rules). The nasty >> part is that much of the treat_data code would have to be duplicated >> (I think). >> >> Besides that, applying the hash randomisation patch to only userland >> arrays would make the max_input_vars less critical and at the same >> time avoid breaking opcode caches and other low-level dependencies. > > Sure, but this is a longer-term fix. Right now I am more concerned about > the fact that we broke code that worked fine in PHP 5.3.8 without any > way to make it work safely.
I guess this looks acceptable then: ini_set('max_input_vars', 5000); parse_str($s, $arr); ini_restore('max_input_vars'); Although, arguably the last statement would not be needed, since all input has already been processed ;-) -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php