[mythtv-users] Mythweb update problem

Mike Perkins mikep at randomtraveller.org.uk
Tue Aug 7 15:10:28 UTC 2007

Andrew Williams wrote:
> On 06/08/07, Mike Perkins <mikep at randomtraveller.org.uk> wrote:
>> Since rebuilding my systems, I've discovered that I can't actually do any
>> updates from the channel maintenance page of mythweb. I get this line in the
>> apache error_log:
>> [Mon Aug 06 18:54:42 2007] [error] [client] ALERT - configured POST
>> variable limit exceeded - dropped variable 'finetune_1736' (attacker
> Hardend PHP? Seems like a similar problem here:
> http://forum.hardened-php.net/viewtopic.php?pid=1076
Yup. And in the interests of expanding knowledge, I'll put the solution here:

You may find references to suhosin on apache startup, or a [suhosin] section in 
your php.ini or in a subdirectory like I did. If you see such references it 
means you've got a hardened version of php.

I'm running Mandriva 2007.1. This didn't happen to me before, either with 
Mandriva 2007.0, or with Mythtv 0.20-fixes, which I was previously running. In 
my case, I had to modify the following file: /etc/php.d/Z99_suhosin.exe

uncomment and change the following two lines, picking numbers to suit:

suhosin.post.max_vars = 3500
suhosin.request.max_vars = 3500

It would seem to me that this is a result of making practically every field in 
that web page into a variable which can be posted back (~16 per channel). Might 
I suggest that a better approach would be to present the channel data as a 
static table, and then have a link (perhaps on the chanid field) take the user 
to a page which displays all the attributes for that chanid in an updateable 
fashion, together with "save" and "delete" buttons. This would ensure that the 
volume of POST data was kept to a reasonable size.

Mike Perkins

More information about the mythtv-users mailing list