From 375df2b4e4415c2dc011a210a9efdec9c419f58b Mon Sep 17 00:00:00 2001
From: Stef Dawson <thatbloke@stefdawson.com>
Date: Mon, 14 Dec 2020 00:52:58 +0000
Subject: [PATCH] Attempt to bypass max_input_vars

PHP imposes a limit on the size of an array to 1000 rows by default. Short of altering php.ini, selecting >1000 rows in the files list means saves aren't committed. To bypass this, the plugin now:

a) intercepts the submission process and serializes the form content
b) removes all input fields and adds this serialized data as the only field
c) submits the new form
d) recontructs the $_POST array so the plugin can continue as if it had received a full, regular payload

The only thing to watch now is that the max post payload (and/or suhosin equivalent) isn't exceeded.

Hat tip: https://stackoverflow.com/questions/30830447/workaround-for-max-input-vars-limit
---
 smd_prognostics.php | 49 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/smd_prognostics.php b/smd_prognostics.php
index 3e74d3a..72871f1 100644
--- a/smd_prognostics.php
+++ b/smd_prognostics.php
@@ -733,13 +733,43 @@ function smd_prognostics_ack($msg = '')
     }
 }
 
+// ----------
+function smd_prognostics_assign_var(&$target, $var)
+{
+    $key = key($var);
+
+    if (is_array($var[$key])) {
+        smd_prognostics_assign_var($target[$key], $var[$key]);
+    } else {
+        if ($key == 0) {
+            $target[] = $var[$key];
+        } else {
+            $target[$key] = $var[$key];
+        }
+    }
+}
+
 // ----------
 // File management
 function smd_prognostics_files($msg = '')
 {
     global $smd_prognostics_event, $smd_prognostics_checksums;
 
-    extract(doSlash(gpsa(array('submit'))));
+    // Pre-process the incoming 'data' blob back into $_POST variables.
+    // This bypasses the max_input_vars restriction when dealing with
+    // humungous arrays of values > 1000 rows.
+    if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['data'])) {
+        $vars = explode('&', $_POST['data']);
+        $data = array();
+
+        foreach ($vars as $var) {
+            parse_str($var, $variable);
+            smd_prognostics_assign_var($_POST, $variable);
+        }
+
+        $submit = 1;
+    }
+
     $smd_prognostics_files = gps('smd_prognostics_files');
 
     if (!is_array($smd_prognostics_files)) {
@@ -748,6 +778,7 @@ function smd_prognostics_files($msg = '')
 
     $adds = (strpos(get_pref('smd_prognostics_check_for'), 'add') !== false);
     $filelist = smd_prognostics_readfiles();
+
     $allcount = count($filelist);
 
     if ($submit) {
@@ -837,7 +868,18 @@ function smd_prognostics_files($msg = '')
         n. endTable().
         n. tInput().
         n. '</form>'.
-        n. '</div></div>';
+        n. '</div></div>' . script_js(<<<EOJS
+$(function() {
+    $('.smd_prognostics-files-form').submit(function(event) {
+        var me = $(this);
+        var data = me.serialize();
+        me.find("input, textarea, select, button").remove();
+        me.append("<input type='hidden' class='data' name='data' />");
+        me.find("input.data").val(data);
+    });
+});
+EOJS
+        );
 }
 
 // ----------
@@ -1282,7 +1324,8 @@ function smd_prognostics_readfiles()
 
     if ($smd_prognostics_listloc) {
         foreach (do_list($smd_prognostics_listloc) as $loc) {
-            // NOTE: not using GLOB_BRACE to grab regular and dot files, since it's not always available cross-OS
+            // NOTE: *not* using GLOB_BRACE to grab regular and dot files,
+            // since it's not always available cross-OS.
             $filelist = array_merge($filelist, smd_prognostics_rglob("*", GLOB_MARK, $loc, $excludes), smd_prognostics_rglob(".*", GLOB_MARK, $loc, $excludes));
         }
     }