[Phpmyadmin-devel] false alarm for deep recursion
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Tue May 1 14:20:16 CEST 2007
Sebastian Mendel a écrit :
> Marc Delisle schrieb:
>> Hi,
>>
>> In this bug:
>> http://sourceforge.net/tracker/index.php?func=detail&aid=1709463&group_id=23067&atid=377408
>>
>> there are many fields involved and we get a false alarm "possible deep
>> recursion attack". Do we really need to protect from 1000 recursions
>> overall? I think that protecting from 1000 recursions for each
>> superglobal would be correct.
>
> as it should do currently with
>
> core.lib.php#474:
>
> $recursive_counter--;
Ok, in 2.10.x this is
$recursive_counter++;
I'll backport this fix from trunk.
Marc
More information about the Developers
mailing list