Limit maximal numver of fields to 4096

Signed-off-by: Michal Čihař <michal@cihar.com>

Author: nijel

libraries/create_addfield.lib.php

@@ -335,11 +335,14 @@ function PMA_getTableCreationQuery($db, $table)
 function PMA_getNumberOfFieldsFromRequest()
 {
     if (isset($_REQUEST['submit_num_fields'])) {
-        $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields'];
+        $num_fields = min(
+            4096,
+            intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields'])
+        );
     } elseif (isset($_REQUEST['num_fields'])
         && intval($_REQUEST['num_fields']) > 0
     ) {
-        $num_fields = (int) $_REQUEST['num_fields'];
+        $num_fields = min(4096, intval($_REQUEST['num_fields']));
     } else {
         $num_fields = 4;
     }

normalization.php

@@ -28,7 +28,7 @@
     exit;
 }
 if (isset($_REQUEST['splitColumn'])) {
-    $num_fields = $_REQUEST['numFields'];
+    $num_fields = min(4096, intval($_REQUEST['numFields']));
     $html = PMA_getHtmlForCreateNewColumn($num_fields, $db, $table);
     $html .= PMA_URL_getHiddenInputs($db, $table);
     echo $html;

tbl_addfield.php

@@ -42,10 +42,13 @@
     if (isset($_REQUEST['orig_field_where'])) {
         $_REQUEST['field_where'] = $_REQUEST['orig_field_where'];
     }
-    $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields'];
+    $num_fields = min(
+        intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields']),
+        4096
+    );
     $regenerate = true;
 } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) {
-    $num_fields = (int) $_REQUEST['num_fields'];
+    $num_fields = min(4096, intval($_REQUEST['num_fields']));
 } else {
     $num_fields = 1;
 }