Debian Bug report logs - #602812
php5: a posted array limited to 999 elements

version graph

Package: php-suhosin; Maintainer for php-suhosin is (unknown);

Reported by: Richard Limanowski <r.limanowski@nttcable.de>

Date: Mon, 8 Nov 2010 12:57:02 UTC

Severity: normal

Tags: confirmed, moreinfo, unreproducible

Fixed in version 0.9.33-3+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Mon, 08 Nov 2010 12:57:05 GMT) (full text, mbox, link).

Acknowledgement sent to Richard Limanowski <r.limanowski@nttcable.de>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 08 Nov 2010 12:57:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Richard Limanowski <r.limanowski@nttcable.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5: a posted array limited to 999 elements
Date: Mon, 08 Nov 2010 13:56:03 +0100
Package: php5
Version: 5.3.2-2
Severity: important

Posting the content of a form containing more than 1000 checkboxes
yields an array of maximum 999 elements. Here ist a test-case:

<?
if (isset($_POST['Action']) && ($_POST['Action'] == 'do_it')) {
   echo count($_POST['SEL']);
}
else {
  echo "<form method=post><input type=submit name=Action value=do_it>\n";
  for ($i = 0; $i <= 2000; $i ++) 
    echo "$i <input type=checkbox name='SEL[]' checked value=$i>\n", 
  echo "</form>\n";
}
?>

Regards
Richard Limanowski

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.3.2-2    server-side, HTML-embedded scripti
ii  php5-common                   5.3.2-2    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Mon, 08 Nov 2010 15:03:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 08 Nov 2010 15:03:03 GMT) (full text, mbox, link).

Message #10 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Richard Limanowski <r.limanowski@nttcable.de>, 602812@bugs.debian.org
Subject: Re: [php-maint] Bug#602812: php5: a posted array limited to 999 elements
Date: Mon, 8 Nov 2010 15:57:55 +0100
severity 602812 normal
tag 602812 +unreproducible
thank you

1) please read an info on bug severities:
http://www.debian.org/Bugs/Developer#severities

2) have you tried setting bigger post_max_size? Your test script works
just fine on my system. I guess it will be more a configuration issue
on your side than some arbitrary hidden limit in a php5.

Ondrej

On Mon, Nov 8, 2010 at 13:56, Richard Limanowski
<r.limanowski@nttcable.de> wrote:
> Package: php5
> Version: 5.3.2-2
> Severity: important
>
> Posting the content of a form containing more than 1000 checkboxes
> yields an array of maximum 999 elements. Here ist a test-case:
>
> <?
> if (isset($_POST['Action']) && ($_POST['Action'] == 'do_it')) {
>   echo count($_POST['SEL']);
> }
> else {
>  echo "<form method=post><input type=submit name=Action value=do_it>\n";
>  for ($i = 0; $i <= 2000; $i ++)
>    echo "$i <input type=checkbox name='SEL[]' checked value=$i>\n",
>  echo "</form>\n";
> }
> ?>
>
> Regards
> Richard Limanowski
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers testing
>  APT policy: (500, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5           5.3.2-2    server-side, HTML-embedded scripti
> ii  php5-common                   5.3.2-2    Common files for packages built fr
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Severity set to 'normal' from 'important' Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 08 Nov 2010 15:03:05 GMT) (full text, mbox, link).

Added tag(s) unreproducible. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 08 Nov 2010 15:03:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Tue, 11 Jan 2011 14:21:06 GMT) (full text, mbox, link).

Acknowledgement sent to Mattias Nordstrom <mnordstr@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Tue, 11 Jan 2011 14:21:06 GMT) (full text, mbox, link).

Message #19 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Mattias Nordstrom <mnordstr@debian.org>
To: 602812@bugs.debian.org
Subject: I can reproduce it
Date: Tue, 11 Jan 2011 16:09:32 +0200
Hi,

This seems to be an actual bug. On a freshly installed Squeeze box
normal PHP applications fail as forms don't work with array fields over
1000 elements. This also happens on my sid development box. I installed
an original source PHP 5.3.3 and there it doesn't happen == works.

My test code:

== BEGIN (filename: form-test.php) ==

<html>
<body>

<?php

$count = 2000;

if (!empty($_REQUEST['test'])) {
print "Count: ".count($_REQUEST['test']).", should be $count.<br><br>\n";
print_r($_REQUEST);

}

?>

<form action="form-test.php" method="post">
<?php


for ($i=0; $i<$count; $i++) {
  echo "<input type='hidden' name='test[]' value='$i' />\n";
}

?>

<input type='submit' name='submit' value='submit'></form>

</body>
</html>

== END ==


If this is an actual bug it is quite serious as it can easily cause data
corruption in databases among other things.

Regards,
Mattias Nordström

Added tag(s) confirmed. Request was from Ondřej Surý <ondrej@sury.org> to control@bugs.debian.org. (Tue, 11 Jan 2011 16:06:08 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Wed, 12 Jan 2011 09:48:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 12 Jan 2011 09:48:03 GMT) (full text, mbox, link).

Message #26 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Mattias Nordstrom <mnordstr@debian.org>, Richard Limanowski <r.limanowski@nttcable.de>, 602812@bugs.debian.org
Subject: Re: [php-maint] Bug#602812: I can reproduce it
Date: Wed, 12 Jan 2011 10:44:48 +0100
Hi Mattias and Richard,

I was able to confirm that the bug exists in the debian php (and
upstream is fine). I am now in process of testing which patch may
cause this, but it may take while, because Debian's 5.3.3-7 has
accumulated quite a lot of cherry picked upstream patches.

Ondrej

On Tue, Jan 11, 2011 at 15:09, Mattias Nordstrom <mnordstr@debian.org> wrote:
> Hi,
>
> This seems to be an actual bug. On a freshly installed Squeeze box
> normal PHP applications fail as forms don't work with array fields over
> 1000 elements. This also happens on my sid development box. I installed
> an original source PHP 5.3.3 and there it doesn't happen == works.
>
> My test code:
>
> == BEGIN (filename: form-test.php) ==
>
> <html>
> <body>
>
> <?php
>
> $count = 2000;
>
> if (!empty($_REQUEST['test'])) {
> print "Count: ".count($_REQUEST['test']).", should be $count.<br><br>\n";
> print_r($_REQUEST);
>
> }
>
> ?>
>
> <form action="form-test.php" method="post">
> <?php
>
>
> for ($i=0; $i<$count; $i++) {
>  echo "<input type='hidden' name='test[]' value='$i' />\n";
> }
>
> ?>
>
> <input type='submit' name='submit' value='submit'></form>
>
> </body>
> </html>
>
> == END ==
>
>
> If this is an actual bug it is quite serious as it can easily cause data
> corruption in databases among other things.
>
> Regards,
> Mattias Nordström
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Thu, 10 Feb 2011 12:00:07 GMT) (full text, mbox, link).

Acknowledgement sent to Derick Rethans <derick@php.net>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 10 Feb 2011 12:00:07 GMT) (full text, mbox, link).

Message #31 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Derick Rethans <derick@php.net>
To: 602812@bugs.debian.org
Subject: Suhosin setting
Date: Thu, 10 Feb 2011 11:46:35 +0000 (GMT)
Hi!

this is probably caused by one of the Suhosin settings: 
http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_array_depth

regards,
Derick
-- 
http://derickrethans.nl | http://xdebug.org
Like Xdebug? Consider a donation: http://xdebug.org/donate.php
twitter: @derickr and @xdebug

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Thu, 10 Feb 2011 12:39:06 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 10 Feb 2011 12:39:06 GMT) (full text, mbox, link).

Message #36 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Derick Rethans <derick@php.net>, 602812@bugs.debian.org
Subject: Re: [php-maint] Bug#602812: Suhosin setting
Date: Thu, 10 Feb 2011 13:35:57 +0100
php5-suhosin is not installed by default, so I don't think so. It has
happened in some of the patches we pulled from upstream, but I didn't
have a proper time to bisect where it was introduced.

O.

On Thu, Feb 10, 2011 at 12:46, Derick Rethans <derick@php.net> wrote:
> Hi!
>
> this is probably caused by one of the Suhosin settings:
> http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_array_depth
>
> regards,
> Derick
> --
> http://derickrethans.nl | http://xdebug.org
> Like Xdebug? Consider a donation: http://xdebug.org/donate.php
> twitter: @derickr and @xdebug
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Wed, 16 Feb 2011 16:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 16 Feb 2011 16:51:03 GMT) (full text, mbox, link).

Message #41 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Richard Limanowski <r.limanowski@nttcable.de>, 602812@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: [php-maint] Bug#602812: php5: a posted array limited to 999 elements
Date: Wed, 16 Feb 2011 17:46:13 +0100
Richard, could you please retest with 5.3.5-1 which I just uploaded to unstable?

That would help narrow down the patch which is causing that.

O.

On Mon, Nov 8, 2010 at 13:56, Richard Limanowski
<r.limanowski@nttcable.de> wrote:
> Package: php5
> Version: 5.3.2-2
> Severity: important
>
> Posting the content of a form containing more than 1000 checkboxes
> yields an array of maximum 999 elements. Here ist a test-case:
>
> <?
> if (isset($_POST['Action']) && ($_POST['Action'] == 'do_it')) {
>   echo count($_POST['SEL']);
> }
> else {
>  echo "<form method=post><input type=submit name=Action value=do_it>\n";
>  for ($i = 0; $i <= 2000; $i ++)
>    echo "$i <input type=checkbox name='SEL[]' checked value=$i>\n",
>  echo "</form>\n";
> }
> ?>
>
> Regards
> Richard Limanowski
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers testing
>  APT policy: (500, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5           5.3.2-2    server-side, HTML-embedded scripti
> ii  php5-common                   5.3.2-2    Common files for packages built fr
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Mon, 21 Feb 2011 07:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Mattias Nordström <mattias.nordstrom@sysnor.fi>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 21 Feb 2011 07:45:03 GMT) (full text, mbox, link).

Message #46 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Mattias Nordström <mattias.nordstrom@sysnor.fi>
To: Ondřej Surý <ondrej@debian.org>, "602812@bugs.debian.org" <602812@bugs.debian.org>, Richard Limanowski <r.limanowski@nttcable.de>
Subject: RE: Bug#602812: [php-maint] Bug#602812: php5: a posted array limited to 999 elements
Date: Mon, 21 Feb 2011 09:37:08 +0200
Hi,

I tested my own test script with the new PHP packages but the same issue remains.

Regards,
Mattias


-----Original Message-----
From: ondrej@sury.org [mailto:ondrej@sury.org] On Behalf Of Ondrej Surý
Sent: 16. helmikuuta 2011 18:46
To: Richard Limanowski; 602812@bugs.debian.org
Cc: Debian Bug Tracking System
Subject: Bug#602812: [php-maint] Bug#602812: php5: a posted array limited to 999 elements

Richard, could you please retest with 5.3.5-1 which I just uploaded to unstable?

That would help narrow down the patch which is causing that.

O.

On Mon, Nov 8, 2010 at 13:56, Richard Limanowski
<r.limanowski@nttcable.de> wrote:
> Package: php5
> Version: 5.3.2-2
> Severity: important
>
> Posting the content of a form containing more than 1000 checkboxes
> yields an array of maximum 999 elements. Here ist a test-case:
>
> <?
> if (isset($_POST['Action']) && ($_POST['Action'] == 'do_it')) {
>   echo count($_POST['SEL']);
> }
> else {
>  echo "<form method=post><input type=submit name=Action value=do_it>\n";
>  for ($i = 0; $i <= 2000; $i ++)
>    echo "$i <input type=checkbox name='SEL[]' checked value=$i>\n",
>  echo "</form>\n";
> }
> ?>
>
> Regards
> Richard Limanowski
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers testing
>  APT policy: (500, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5 depends on:
> ii  libapache2-mod-php5           5.3.2-2    server-side, HTML-embedded scripti
> ii  php5-common                   5.3.2-2    Common files for packages built fr
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
> -- no debconf information
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/



-- 
To unsubscribe, send mail to 602812-unsubscribe@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#602812; Package php5. (Mon, 21 Feb 2011 08:09:06 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Mon, 21 Feb 2011 08:09:06 GMT) (full text, mbox, link).

Message #51 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Derick Rethans <derick@php.net>, 602812@bugs.debian.org, control <control@bugs.debian.org>
Subject: Re: [php-maint] Bug#602812: Suhosin setting
Date: Mon, 21 Feb 2011 09:06:16 +0100
reassign 602812 php-suhosin
thank you

Hi Derick,

I have had time to retest the issue and you were right. The issue is
in fact caused by php5-suhosin module (not the patch).

Thanks for the hint, I forgot that the new behaviour of apt is to
install Recommends as well, so php5-suhosin get installed by default
when doing apt-get install libapache2-mod-php5.

Regards,
Ondrej

On Thu, Feb 10, 2011 at 12:46, Derick Rethans <derick@php.net> wrote:
> Hi!
>
> this is probably caused by one of the Suhosin settings:
> http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_array_depth
>
> regards,
> Derick
> --
> http://derickrethans.nl | http://xdebug.org
> Like Xdebug? Consider a donation: http://xdebug.org/donate.php
> twitter: @derickr and @xdebug
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Bug reassigned from package 'php5' to 'php-suhosin'. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 21 Feb 2011 08:09:12 GMT) (full text, mbox, link).

Bug No longer marked as found in versions php5/5.3.2-2. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Mon, 21 Feb 2011 08:09:12 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>:
Bug#602812; Package php-suhosin. (Mon, 21 Feb 2011 08:18:03 GMT) (full text, mbox, link).

Acknowledgement sent to Alexander Wirt <formorer@formorer.de>:
Extra info received and forwarded to list. Copy sent to php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>. (Mon, 21 Feb 2011 08:18:03 GMT) (full text, mbox, link).

Message #60 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Alexander Wirt <formorer@formorer.de>
To: Ondřej Surý <ondrej@debian.org>
Cc: Derick Rethans <derick@php.net>, 602812@bugs.debian.org
Subject: Re: [php-maint] Bug#602812: Suhosin setting
Date: Mon, 21 Feb 2011 09:15:11 +0100
tag 602812 moreinfo
thanks

Hi, 

why do you think this is a bug - I guess you think so as you reassigned it to
suhosin? 

Alex

Added tag(s) moreinfo. Request was from Alexander Wirt <formorer@formorer.de> to control@bugs.debian.org. (Mon, 21 Feb 2011 08:18:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>:
Bug#602812; Package php-suhosin. (Mon, 21 Feb 2011 08:21:08 GMT) (full text, mbox, link).

Acknowledgement sent to Mattias Nordström <mattias.nordstrom@sysnor.fi>:
Extra info received and forwarded to list. Copy sent to php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>. (Mon, 21 Feb 2011 08:21:08 GMT) (full text, mbox, link).

Message #67 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Mattias Nordström <mattias.nordstrom@sysnor.fi>
To: Ondřej Surý <ondrej@debian.org>, "602812@bugs.debian.org" <602812@bugs.debian.org>, Derick Rethans <derick@php.net>, control <control@bugs.debian.org>
Subject: RE: Bug#602812: [php-maint] Bug#602812: Suhosin setting
Date: Mon, 21 Feb 2011 10:19:38 +0200
Hi,

I got my test working by changing the following php5-suhosin settings to larger values (both required):

Suhosin.post.max_vars
Suhosin.request.max_vars

Regards,
Mattias


-----Original Message-----
From: ondrej@sury.org [mailto:ondrej@sury.org] On Behalf Of Ondrej Surý
Sent: 21. helmikuuta 2011 10:06
To: Derick Rethans; 602812@bugs.debian.org; control
Subject: Bug#602812: [php-maint] Bug#602812: Suhosin setting

reassign 602812 php-suhosin
thank you

Hi Derick,

I have had time to retest the issue and you were right. The issue is
in fact caused by php5-suhosin module (not the patch).

Thanks for the hint, I forgot that the new behaviour of apt is to
install Recommends as well, so php5-suhosin get installed by default
when doing apt-get install libapache2-mod-php5.

Regards,
Ondrej

On Thu, Feb 10, 2011 at 12:46, Derick Rethans <derick@php.net> wrote:
> Hi!
>
> this is probably caused by one of the Suhosin settings:
> http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_array_depth
>
> regards,
> Derick
> --
> http://derickrethans.nl | http://xdebug.org
> Like Xdebug? Consider a donation: http://xdebug.org/donate.php
> twitter: @derickr and @xdebug
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/



-- 
To unsubscribe, send mail to 602812-unsubscribe@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>:
Bug#602812; Package php-suhosin. (Mon, 21 Feb 2011 08:33:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@debian.org>:
Extra info received and forwarded to list. Copy sent to php-suhosin maintainers <php-suhosin-maintainers@ml.snow-crash.org>. (Mon, 21 Feb 2011 08:33:03 GMT) (full text, mbox, link).

Message #72 received at 602812@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>
To: Alexander Wirt <formorer@formorer.de>, Richard Limanowski <r.limanowski@nttcable.de>
Cc: 602812@bugs.debian.org
Subject: Re: [php-maint] Bug#602812: Suhosin setting
Date: Mon, 21 Feb 2011 09:28:49 +0100
Hi,

I think it's an error to strip the input variables without printing at
least a warning (to configured output).

(BTW: The configuration variable for php5-suhosin which limits that is
suhosin.request.max_vars and not to suhosin.*.max_array_depth)

But I leave that up to your decision. I only know that it's not the
bug in the php5 itself, hence the reassign.

O.

On Mon, Feb 21, 2011 at 09:15, Alexander Wirt <formorer@formorer.de> wrote:
> tag 602812 moreinfo
> thanks
>
> Hi,
>
> why do you think this is a bug - I guess you think so as you reassigned it to
> suhosin?
>
> Alex
>
>



-- 
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/

Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Fri, 02 Dec 2016 13:48:44 GMT) (full text, mbox, link).

Notification sent to Richard Limanowski <r.limanowski@nttcable.de>:
Bug acknowledged by developer. (Fri, 02 Dec 2016 13:48:44 GMT) (full text, mbox, link).

Message #77 received at 602812-done@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 521198-done@bugs.debian.org,582384-done@bugs.debian.org,584486-done@bugs.debian.org,602812-done@bugs.debian.org,618446-done@bugs.debian.org,647219-done@bugs.debian.org,658228-done@bugs.debian.org,666911-done@bugs.debian.org,674199-done@bugs.debian.org,675169-done@bugs.debian.org,675278-done@bugs.debian.org,675312-done@bugs.debian.org,677093-done@bugs.debian.org,680145-done@bugs.debian.org,696470-done@bugs.debian.org,702522-done@bugs.debian.org,718145-done@bugs.debian.org,752650-done@bugs.debian.org,811326-done@bugs.debian.org,821709-done@bugs.debian.org,
Cc: php-suhosin@packages.debian.org, php-suhosin@packages.qa.debian.org
Subject: Bug#846136: Removed package(s) from unstable
Date: Fri, 02 Dec 2016 13:47:44 +0000
Version: 0.9.33-3+rm

Dear submitter,

as the package php-suhosin has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/846136

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 31 Dec 2016 07:28:17 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 00:52:37 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.