[Phpmyadmin-devel] Limits imposed by Suhosin
madhura.cj at gmail.com
Sun Aug 7 13:40:48 CEST 2011
On Sun, Aug 7, 2011 at 5:01 PM, Tyron Madlener <tyronx at gmail.com> wrote:
> On Sun, Aug 7, 2011 at 2:06 PM, Marc Delisle <marc at infomarc.info> wrote:
> > Le 2011-08-06 07:59, Madhura Jayaratne a écrit :
> >> Hi all,
> >> While attending to a bug , I came across the following.
> >> Suhosin imposes a limit of 512 on the length of the variable that can be
> >> passed via a GET . This is often problematic as in PMA we encounter
> >> parameters (long sql queries, where clauses when no unique key is there
> >> etc). Due to the same problem  $cfg['LinkLengthLimit'] configuration
> >> lowered to more stricter 1000 from 2000, which is more acceptable.
> >> In this particular bug the problem is that, though the URL length is
> >> 1000, one parameter, 'sql_query', violates the Suhosin limit. What
> >> should be our stand on this. Should we adhere to Suhosin default values?
> >> In 3.5 we have a possible solution for this  and we can still lower
> >> $cfg['LinkLengthLimit'] value without losing the look and feel. However
> >> needs to have JS enabled and I'm not sure whether we want to impose that
> >> condition for the 3.4 series.
> > Madhura,
> > see Documentation.html, FAQ 1.38. You might want to add a suggestion
> > there about suhosin.get.max_value_length.
> > As you can deduce from this FAQ entry, it was not our intention to adapt
> > to Suhosin's limits.
> Would there be any problem in using min($cfg['LinkLengthLimit'],
> [suhoins max length]) for pma?
Suhosin imposes a limit on the length of a single value passed via a GET,
not on the length of the entire URL, so if we are to adhere to it we need to
change the code a bit. And further if we do not wish to comply with it I do
not see a point in doing so.
Thanks and Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Developers