How to override suhosin max value?

问题

An important GET param is being filtered by suhosin. How do I override suhosin when the following does not work?

public_html/php.ini :

[suhosin]
suhosin.get.max_value_length = 2048

Sets suhosin.get.max_value_length among others to NULL and crashes user session.

-

public_html/.htaccess :

<IfModule mod_php5.c>
    php_value suhosin.get.max_value_length 2048
</IfModule>

No effect

-

(System default is set to:)

suhosin.get.max_value_length = 512
suhosin.get.max_value_length = 100000

The GET parameter being filtered is 576 chars long.

回答1:

We can bypass suhosin by re-building the $_GET

// Override suhosin $_GET limitation
  $_GET = array();
  $params = explode('&', $_SERVER['QUERY_STRING']);
  foreach ($params as $pair) {
    list($key, $value) = explode('=', $pair);
    $_GET[urldecode($key)] = urldecode($value);
  }

回答2:

On Debian|Ubuntu systems you can set the suhosin parameters globally in:

/etc/php5/conf.d/suhosin.ini

来源：https://stackoverflow.com/questions/12718609/how-to-override-suhosin-max-value