[Phpmyadmin-devel] Limits imposed by Suhosin

Madhura Jayaratne madhura.cj at gmail.com
Sat Aug 6 13:59:02 CEST 2011


Hi all,

While attending to a bug [1], I came across the following.
Suhosin imposes a limit of 512 on the length of the variable that can be
passed via a GET [2]. This is often problematic as in PMA we encounter long
parameters (long sql queries, where clauses when no unique key is there
etc). Due to the same problem [3] $cfg['LinkLengthLimit'] configuration was
lowered to more stricter 1000 from 2000, which is more acceptable.

In this particular bug the problem is that, though the URL length is under
1000, one parameter, 'sql_query', violates the Suhosin limit. What
should be our stand on this. Should we adhere to Suhosin default values?

In 3.5 we have a possible solution for this [4] and we can still lower
$cfg['LinkLengthLimit'] value without losing the look and feel. However this
needs to have JS enabled and I'm not sure whether we want to impose that
condition for the 3.4 series.

-- 
Thanks and Regards,

Madhura Jayaratne

[1]
https://sourceforge.net/tracker/?func=detail&atid=377408&aid=3380946&group_id=23067
[2]
http://www.hardened-php.net/suhosin/configuration.html#suhosin.get.max_value_length
[3]
https://sourceforge.net/tracker/?func=detail&aid=3358750&group_id=23067&atid=377408
[4] https://sourceforge.net/mailarchive/message.php?msg_id=27839987
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20110806/b4d4da09/attachment.html>


More information about the Developers mailing list