>> As mentioned on IRC, a function signature of "array
>> parse_urlencoded(string $s)" would be useful too; the separated logic
>> would allow for avoiding max_input_vars altogether and not having to
>> worry about parameter name mangling (variable name rules). The nasty
>> part is that much of the treat_data code would have to be duplicated
>> (I think).
>>
>> Besides that, applying the hash randomisation patch to only userland
>> arrays would make the max_input_vars less critical and at the same
>> time avoid breaking opcode caches and other low-level dependencies.
>
> Sure, but this is a longer-term fix. Right now I am more concerned about
> the fact that we broke code that worked fine in PHP 5.3.8 without any
> way to make it work safely.
I guess this looks acceptable then:
ini_set('max_input_vars', 5000);
parse_str($s, $arr);
ini_restore('max_input_vars');
Although, arguably the last statement would not be needed, since all
input has already been processed ;-)
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
