Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
typo3
qfq
Commits
61d4eed1
Commit
61d4eed1
authored
Sep 25, 2017
by
Carsten Rose
Browse files
Remove SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH - makes no sense to hardcode an upper limit.
parent
df333752
Changes
2
Hide whitespace changes
Inline
Side-by-side
extension/qfq/qfq/Constants.php
View file @
61d4eed1
...
...
@@ -404,7 +404,6 @@ const SYSTEM_SECURITY_ATTACK_DELAY_DEFAULT = 5; // Detected attack causes x seco
const
SYSTEM_SECURITY_SHOW_MESSAGE
=
'SECURITY_SHOW_MESSAGE'
;
// Detected attack shows an error message
const
SYSTEM_SECURITY_GET_MAX_LENGTH
=
'SECURITY_GET_MAX_LENGTH'
;
// Trim every character (before conversion) to SECURITY_GET_MAX_LENGTH chars;
const
SYSTEM_SECURITY_GET_MAX_LENGTH_DEFAULT
=
50
;
// Default max length for get variables
const
SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH
=
255
;
// Default max length for get variables
const
GET_EXTRA_LENGTH_TOKEN
=
'_'
;
...
...
extension/qfq/qfq/store/Config.php
View file @
61d4eed1
...
...
@@ -77,10 +77,6 @@ class Config {
$cnt
=
count
(
$arr
);
if
(
$cnt
>
1
&&
is_numeric
(
$arr
[
$cnt
-
1
]))
{
$maxLength
=
$arr
[
$cnt
-
1
];
if
(
$maxLength
>
SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH
)
{
$attack
=
true
;
break
;
}
}
else
{
$maxLength
=
$config
[
SYSTEM_SECURITY_GET_MAX_LENGTH
];
// might change again.
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment