[Vtigercrm-developers] Profiles & max_input_vars

Alan Lord (News) alanslists at gmail.com
Thu Jul 19 01:52:26 PDT 2012


Hi Chaps,

I was seeing something rather strange on my dev server... Whenever I 
edited a profile and saved it, everything below a certain point didn't 
get saved - it all ended up unset below the line:

http://twitpic.com/a999s8/full

I came across this post in a thread which sounded like it made sense:

https://forums.vtiger.com/viewtopic.php?p=75968&sid=ca94fac867d4ee6a6767d09ee2bf5d6c#p75968

So I added a suhosin.ini in my /etc/php5/conf.d and added the following 
lines:

; Override some of the defaults
suhosin.get.max_vars 500
suhosin.post.max_vars 500

I restarted Apache but it still happened.

In the Apache error log was the cluebat I was looking for :-)

[Thu Jul 19 09:24:53 2012] [error] [client ....] PHP Warning:  Unknown: 
Input variables exceeded 1000. To increase the limit change 
max_input_vars in php.ini. in Unknown on line 0, referer: http://...

So I set max_input_vars to 1500 and it worked!

The suhosin settings mentioned above had no noticeable effect so I 
removed them.

The server in question is Ubuntu 12.04 64-bit and according to phpinfo(); 
it does have the Suhosin patch.

This max_input_vars information probably needs to be mentioned somewhere 
like the Wiki I guess.

According to this post, it seems to be a fairly recent addition to PHP:

http://www.nivas.hr/blog/2012/04/04/beware-of-max_input_vars-php-ini-configuration-option/

I don't like applying this globally to Apache as it is designed to help 
stop attacks so perhaps this parameter should be set in vtiger's 
.htaccess or even loaded just when editing profiles?


Cheers

Al

-- 
Libertus Solutions
http://www.libertus.co.uk
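
Added example, not part of the original post: a Python scan of an Apache error log for the max_input_vars warning quoted above, listing which referring pages submit forms that PHP cuts short. The log lines, client addresses and referer URLs are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the Apache error-log layout quoted in the post.
# Client addresses and referer URLs are made up for this example.
SAMPLE_LOG = """\
[Thu Jul 19 09:24:53 2012] [error] [client 192.0.2.10] PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: http://crm.example.test/profile-edit
[Thu Jul 19 09:25:10 2012] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Thu Jul 19 09:31:02 2012] [error] [client 192.0.2.11] PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: http://crm.example.test/profile-edit
[Thu Jul 19 09:40:47 2012] [error] [client 192.0.2.12] PHP Warning:  Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
"""

# Matches the warning PHP emits when a request carries more variables than
# max_input_vars allows; the trailing referer field is optional.
TRUNCATED = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"PHP Warning:\s+Unknown: Input variables exceeded (?P<limit>\d+)\."
    r".*?(?:, referer: (?P<referer>\S+))?$"
)

def find_truncated_posts(log_text):
    """Return one dict per request whose input PHP cut off at max_input_vars."""
    events = []
    for line in log_text.splitlines():
        m = TRUNCATED.match(line)
        if m:
            events.append({
                "when": m.group("when"),
                "client": m.group("client"),
                "limit": int(m.group("limit")),
                "referer": m.group("referer") or "(no referer)",
            })
    return events

def pages_to_review(events):
    """Count truncation events per referring page, most frequent first."""
    return Counter(e["referer"] for e in events).most_common()

if __name__ == "__main__":
    for page, hits in pages_to_review(find_truncated_posts(SAMPLE_LOG)):
        print(f"{hits:3d}  {page}")
```

Each hit marks a form submission that was only partly processed, so the listed pages are the ones whose saved data should be rechecked.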


