From a099e0d2f6f722e4acfabc51071c8d6587622ecb Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 15 Dec 2011 10:31:02 +0000
Subject: [PATCH] Added max_input_vars directive to prevent attacks based on
 hash collisions

---
 UPGRADING           | 5 +++++
 php.ini-development | 3 +++
 php.ini-production  | 3 +++
 3 files changed, 11 insertions(+)

diff --git a/UPGRADING b/UPGRADING
index f4b56b1c2a..f8bfa829e7 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -82,6 +82,11 @@ UPGRADE NOTES - PHP X.Y
   - safe_mode_protected_env_vars
   - zend.ze1_compatibility_mode
 
+- the following new directives were added
+
+  - max_input_vars - specifies how many GET/POST/COOKIE input variables may be
+    accepted. default value 1000. 
+
 =============================
 2. Reserved words and classes
 =============================
diff --git a/php.ini-development b/php.ini-development
index e970570460..e6a0f6dcc1 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -397,6 +397,9 @@ max_input_time = 60
 ; http://php.net/max-input-nesting-level
 ;max_input_nesting_level = 64
 
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
 memory_limit = 128M
diff --git a/php.ini-production b/php.ini-production
index 11cb31c437..5a1052fcfe 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -397,6 +397,9 @@ max_input_time = 60
 ; http://php.net/max-input-nesting-level
 ;max_input_nesting_level = 64
 
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
 memory_limit = 128M
-- 
2.50.0