[mythtv-users] Mythweb update problem
Mike Perkins
mikep at randomtraveller.org.uk
Tue Aug 7 15:10:28 UTC 2007
Andrew Williams wrote:
> On 06/08/07, Mike Perkins <mikep at randomtraveller.org.uk> wrote:
>> Since rebuilding my systems, I've discovered that I can't actually do any
>> updates from the channel maintenance page of mythweb. I get this line in the
>> apache error_log:
>>
>> [Mon Aug 06 18:54:42 2007] [error] [client 192.168.1.3] ALERT - configured POST
>> variable limit exceeded - dropped variable 'finetune_1736' (attacker
>
> Hardend PHP? Seems like a similar problem here:
> http://forum.hardened-php.net/viewtopic.php?pid=1076
>
Yup. And in the interests of expanding knowledge, I'll put the solution here:
You may find references to suhosin on apache startup, or a [suhosin] section in
your php.ini or in a subdirectory like I did. If you see such references it
means you've got a hardened version of php.
I'm running Mandriva 2007.1. This didn't happen to me before, either with
Mandriva 2007.0, or with Mythtv 0.20-fixes, which I was previously running. In
my case, I had to modify the following file: /etc/php.d/Z99_suhosin.exe
uncomment and change the following two lines, picking numbers to suit:
suhosin.post.max_vars = 3500
suhosin.request.max_vars = 3500
It would seem to me that this is a result of making practically every field in
that web page into a variable which can be posted back (~16 per channel). Might
I suggest that a better approach would be to present the channel data as a
static table, and then have a link (perhaps on the chanid field) take the user
to a page which displays all the attributes for that chanid in an updateable
fashion, together with "save" and "delete" buttons. This would ensure that the
volume of POST data was kept to a reasonable size.
Mike Perkins
More information about the mythtv-users
mailing list