<br><br><div class="gmail_quote">On Sun, Aug 7, 2011 at 5:01 PM, Tyron Madlener <span dir="ltr"><<a href="mailto:tyronx@gmail.com" target="_blank">tyronx@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Sun, Aug 7, 2011 at 2:06 PM, Marc Delisle <<a href="mailto:marc@infomarc.info" target="_blank">marc@infomarc.info</a>> wrote:<br>
> Le 2011-08-06 07:59, Madhura Jayaratne a écrit :<br>
>> Hi all,<br>
>><br>
>> While attending to a bug [1], I came across the following.<br>
>> Suhosin imposes a limit of 512 on the length of the variable that can be<br>
>> passed via a GET [2]. This is often problematic as in PMA we encounter long<br>
>> parameters (long sql queries, where clauses when no unique key is there<br>
>> etc). Due to the same problem [3] $cfg['LinkLengthLimit'] configuration was<br>
>> lowered to more stricter 1000 from 2000, which is more acceptable.<br>
>><br>
>> In this particular bug the problem is that, though the URL length is under<br>
>> 1000, one parameter, 'sql_query', violates the Suhosin limit. What<br>
>> should be our stand on this. Should we adhere to Suhosin default values?<br>
>><br>
>> In 3.5 we have a possible solution for this [4] and we can still lower<br>
>> $cfg['LinkLengthLimit'] value without losing the look and feel. However this<br>
>> needs to have JS enabled and I'm not sure whether we want to impose that<br>
>> condition for the 3.4 series.<br>
><br>
> Madhura,<br>
> see Documentation.html, FAQ 1.38. You might want to add a suggestion<br>
> there about suhosin.get.max_value_length.<br>
><br>
> As you can deduce from this FAQ entry, it was not our intention to adapt<br>
> to Suhosin's limits.<br>
<br>
</div>Would there be any problem in using min($cfg['LinkLengthLimit'],<br>
[suhoins max length]) for pma?<br></blockquote><div><br></div><div>Suhosin imposes a limit on the length of a single value passed via a GET, not on the length of the entire URL, so if we are to adhere to it we need to change the code a bit. And further if we do not wish to comply with it I do not see a point in doing so.</div>
</div><br>-- <br>Thanks and Regards,<div><br></div><div>Madhura Jayaratne<br><div><br></div></div><br>