[Phpmyadmin-devel] false alarm for deep recursion

Sebastian Mendel lists at sebastianmendel.de
Tue May 1 08:46:53 CEST 2007


Sebastian Mendel schrieb:
> Marc Delisle schrieb:
>> Hi,
>>
>> In this bug:
>> http://sourceforge.net/tracker/index.php?func=detail&aid=1709463&group_id=23067&atid=377408
>>
>> there are many fields involved and we get a false alarm "possible deep 
>> recursion attack". Do we really need to protect from 1000 recursions 
>> overall? I think that protecting from 1000 recursions for each 
>> superglobal would be correct.
> 
> as it should do currently with
> 
> core.lib.php#474:
> 
> $recursive_counter--;

sorry, i really have currently very short time, thats why i do not have
taken o look nto it, but keep in mind - it should count only into the deep:

as this will not count:

$array[a0001] = ...
$array[a0002] = ...
$array[a0003] = ...
...
$array[a1000] = ...

but only this:


$array[][][][][][][][]...[]

so it confuses me that this limit of 1000 is reached, even for a big table ...




More information about the Developers mailing list