On Mon, 13 Feb 2012 00:08:45 +0100
martin at v.loewis.de wrote:
>
> >> b) of limited use for existing installations which won't use the API.
> >
> > Obviously it won't fix vulnerabilities due to some other API. If you
> > propose other APIs we can also fix them.
>
> No, you are missing my point. I assume you proposed (even though you
> didn't say so explicitly) that parse_qs gets an opt-in API change to
> limit the number of parameters. If that is added, it will have no
> effect on any existing applications, as they will all currently not
> pass that parameter.

No, I said it would include a default value of (say) 1000 parameters.
That default value would be applied to anyone who doesn't use the new API.

(the reason I'm proposing a new API is to allow people to change or
disable the limit, in case they really want to pass a large number of
parameters)

Regards

Antoine.
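
The default-on limit discussed in this message, sketched as an added example that is not part of the original e-mail and is not CPython's code. `limited_parse_qs`, `DEFAULT_MAX_FIELDS`, `TooManyFields` and `accepts` are hypothetical names, and the value 1000 is the "(say) 1000" figure from the message.

```python
from urllib.parse import parse_qs

# Assumed default, taken from the "(say) 1000 parameters" in the message.
DEFAULT_MAX_FIELDS = 1000


class TooManyFields(ValueError):
    """Raised when a query string carries more fields than the cap allows."""


def limited_parse_qs(qs, max_fields=DEFAULT_MAX_FIELDS, **kwargs):
    """Hypothetical wrapper: parse_qs with a field cap that is on by default.

    Callers that never pass max_fields still get the cap, callers with a
    legitimate need can raise it, and max_fields=None disables it.
    """
    if max_fields is not None:
        # Count separators before any dict is built, so an oversized request
        # is rejected in one linear scan. Empty fields ("a=1&&b=2") are
        # counted too, which makes this an upper bound on the real count.
        num_fields = qs.count("&") + 1 if qs else 0
        if num_fields > max_fields:
            raise TooManyFields(
                "%d fields exceeds the limit of %d" % (num_fields, max_fields)
            )
    return parse_qs(qs, **kwargs)


def accepts(qs, **kwargs):
    """Return True if the query string parses under the given limit."""
    try:
        limited_parse_qs(qs, **kwargs)
        return True
    except TooManyFields:
        return False


if __name__ == "__main__":
    # Constructed sample input: 1001 distinct parameters.
    oversized = "&".join("k%d=v" % i for i in range(1001))

    print(accepts("a=1&b=2"))                  # existing caller, small input
    print(accepts(oversized))                  # existing caller, capped by default
    print(accepts(oversized, max_fields=5000)) # caller raised the limit
    print(accepts(oversized, max_fields=None)) # caller disabled the limit
```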