Rewrote max_input_vars directive description for clarity, and indicated that this limit applies only to each nesting level of a multidimensional input array. Closes bug #60728.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@322553 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 00:48:54 +00:00 · 2012-01-21 23:09:07 +00:00 · 2012-01-21 23:09:07 +00:00 · 8a3d8d125a
commit 8a3d8d125a
parent 062f5a69cd
1 changed files with 6 additions and 5 deletions
--- a/reference/info/ini.xml
+++ b/reference/info/ini.xml
@ -261,11 +261,12 @@
    <listitem>
     <para>
      How many <link linkend="language.variables.external">input
-      variables</link> may be accepted. Available mainly for security reasons
-      to avoid hash collisions attacks. If there would be more variables in
-      any of <varname>$_GET</varname>, <varname>$_POST</varname>, ... arrays
-      then <constant>E_WARNING</constant> is issued and extra variables are
-      ignored.
+      variables</link> may be accepted. Use of this directive mitigates
+      the possibility of denial of service attacks which use hash collisions.
+      If there are more input variables than specified by this directive,
+      an <constant>E_WARNING</constant> is issued, and further input
+      variables are truncated from the request. This limit applies only
+      to each nesting level of a multi-dimensional input array.
     </para>
    </listitem>
   </varlistentry>