Commit 61d4eed1 authored by Carsten  Rose's avatar Carsten Rose

Remove SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH - makes no sense to hardcode an upper limit.

parent df333752
......@@ -404,7 +404,6 @@ const SYSTEM_SECURITY_ATTACK_DELAY_DEFAULT = 5; // Detected attack causes x seco
const SYSTEM_SECURITY_SHOW_MESSAGE = 'SECURITY_SHOW_MESSAGE'; // Detected attack shows an error message
const SYSTEM_SECURITY_GET_MAX_LENGTH = 'SECURITY_GET_MAX_LENGTH'; // Trim every character (before conversion) to SECURITY_GET_MAX_LENGTH chars;
const SYSTEM_SECURITY_GET_MAX_LENGTH_DEFAULT = 50; // Default max length for get variables
const SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH = 255; // Default max length for get variables
const GET_EXTRA_LENGTH_TOKEN = '_';
......
......@@ -77,10 +77,6 @@ class Config {
$cnt = count($arr);
if ($cnt > 1 && is_numeric($arr[$cnt - 1])) {
$maxLength = $arr[$cnt - 1];
if ($maxLength > SYSTEM_SECURITY_ABSOLUTE_GET_MAX_LENGTH) {
$attack = true;
break;
}
} else {
$maxLength = $config[SYSTEM_SECURITY_GET_MAX_LENGTH]; // might change again.
}
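Review bot: With the ceiling check removed, `$maxLength = $arr[$cnt - 1];` is constrained only by `is_numeric()`, which also accepts negative, fractional and exponent forms such as `-1`, `2.5` or `1e9`. If `$arr` comes from splitting a request parameter name on `GET_EXTRA_LENGTH_TOKEN` (likely, but the split is outside the hunk), the length limit is now set entirely by the sender, and `SECURITY_GET_MAX_LENGTH` stops acting as a bound for any parameter that carries a suffix. Consider accepting only a plain non-negative integer, e.g. `if ($cnt > 1 && ctype_digit((string)$arr[$cnt - 1])) {`, and capping it with a configurable maximum instead of the removed hard-coded one. The enclosing loop and method begin and end outside the hunk, so any later re-check of `$maxLength` is not visible here.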
......