From dbb02a7d8e34dd500ffab4d30e1ae2d8f37dfcd7 Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Wed, 12 Feb 2014 13:11:57 +0100
Subject: We need to support PHP's "new" max_input_vars in our treat_data
 handler

---
 treat_data.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'treat_data.c')

diff --git a/treat_data.c b/treat_data.c
index a7e14ca..13eee0a 100644
--- a/treat_data.c
+++ b/treat_data.c
@@ -38,6 +38,10 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
 	zval *array_ptr;
 	int free_buffer = 0;
 	char *strtok_buf = NULL;
+	
+#if PHP_VERSION_ID => 50311
+	long count = 0;
+#endif
 
 	/* Mark that we were not yet called */
 	SUHOSIN_G(already_scanned) = 0;
@@ -139,6 +143,14 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
 		while (*var && *var == ' ') var++;
 
 		val = strchr(var, '=');
+		
+#if PHP_VERSION_ID => 50311
+		if (++count > PG(max_input_vars)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+			break;
+		}
+#endif
+		
 		if (val) { /* have a value */
 			int val_len;
 			unsigned int new_val_len;
-- 
cgit v1.3