4.7.7: PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. #13887
Comments
sounds like terrible inefficient ajax stuff where i don't get what the hell is going on here when you just edit a single record based on it's primary key - i wantr back the times as PMA worked completly without ajax at all |
@OlafvdSpek dumb trolling - when i switch everytime abug occurs in some software chnage the software i would be 365 days busy with only that |
@thelounge-zz I'm having another issue with 4.7.7. (#13907) Just wondering if you are also seeing this problem. I have reverted to 4.7.6 for now. |
i revert after the first problem in basic tasks like edit a single record, so 4.7.7 was only there for 2 minutes |
anything new on this problem? even increasing the php limit to 2000 doesn't change anything on a 100*10 fields list. |
The problem is caused by using POST for all these links now what leads to massive form nesting. This has been already addressed in master and probably needs to be backported to 4.7 branch. Related commit is 3b9fb2b |
don't get me wrong but what needs any form nesting when you just edit a single record? do you developers have only test-tables with 5 records or how can it be that it took me 3 clicks with 4.7.7 to qualify it unusable (datebase -> tablename -> edit on the first record -> boom) |
This is side effect of fixing PMASA-2017-9 and apparently the embargoed patch didn't get tested on this setup. |
in reality this is a side-effect of massive AJAX stuff for trivial operations - you don't need anything else than the primary key and a token to display the edit form for a record on the next screen |
ok thx, any timeframe for 4.7.8? because pr is not really compatible with 4.7.7. |
It's unrelated to AJAX - it's caused by fact that we're now using POST for any action containing SQL query (for privacy reasons), what for example are sort links on the browse page or edit links for rows. As this is done already inside In the end the 4.7 branch is supposed to be maintenance only, however fixing security issues sometimes forces us to do bigger changes and this is always risky... The 4.7.8 is currently scheduled on January 22. |
i still don't see a reason to post that massive amount of data around just generate the form with only the needed data on demand and you should be done or wrap a form around every row which get submitted onclick "however fixing security issues sometimes forces us to do bigger changes" - well, but not completly untested when it breaks even on a table with 25 records and a handful of fields |
The problem is that this all is done in single form, it just contains elements for all nested forms as Lines 1866 to 1871 in 2ceb241 Yes, I've apparently messed up testing of the security fix. It was touching pretty much all pages and I didn't test scenario which you believe is obvious, but didn't came to my mind. You are more than welcome to contribute testcase which would cover this. We certainly could use more manpower so that such things get better tested. With current manpower I was happy that patch got at least reviewed by one peer. It can easily happen that mistakes are going through unnoticed. |
I'll chime in here to add that I also missed this during the embargoed security testing phase. I did some testing, but wasn't thorough enough to catch this. We'll get it fixed for 4.7.8. |
Any news about this issue? |
I did some research about it , but couldn't find a way to fix it without editing php.ini . Any suggestions about how to get started? |
downgrade to previous release, make sure you ahve some http-basic auth in front of phpMyAdmin or when possible ip-restrictions - edit php.ini because of some broken release of a random software won't happen here, especially not security relevant server settings - max_input_vars has a good reason |
@thelounge-zz thanks for your suggestion , but I'm seeking help to fix the bug in the code itself. |
congratulations - 4.7.8 is still broken - well done for point releases Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 Error during session start; please check your PHP and/or webserver log file and configure your PHP installation properly. Also ensure that cookies are enabled in your browser. |
Awesome the second security release I can't use because phpmyadmin doesn't work anymore. |
I want to comment with something productive, but can't think of much to say other than to echo the concern that this was moved back from 4.7.8 to 4.7.9; This bug has made the tool very difficult to work with on tables that have lots of attributes, or lots of rows. My current workaround for my end-users is to have them use pagination, but, with this issue, table search / filtering also becomes unusable. So a quick turnaround on this would be much appreciated. |
I see that 4.7.9 is in "No due date" status, while 4.8.0 is "Due by March 21, 2018". So we'll don't see 4.7.9, and will jump directly to 4.8.0? Thank you for your work, we really appreciate it. |
Mentally insert some rants about 99% useless POST data. :) Here's a fun experiment:
So now you have a browse screen with only one row of data. What happens when you click edit? Magically it all works. So all that data isn't needed. The proper fix was already mentioned...split into sub-forms and/or build a proper POST with just the needed data. However...consider this as a possible easy hack: Before you post the "form" have the javascript delete all the rows in the table above and below the one row of data that was actually clicked (like our manual node delete experiment). This will remove the useless data that isn't needed anyway. Jquery details left to those who enjoy that stuff. |
in phpMyAdmin-4.8+snapshot all OK. Thanks. |
Should be fixed in QA_4_7 as well thanks to #14036. |
Hi everyone, do you test 4.7.9? Is it resolved error message: "Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini" ? |
yes seams to work now. |
Thank you! :) So far 4.7.9 looks good! |
Great! Everything works! |
Now that this is fixed, how many input variables are there — would it be equal to the number of rows? Or because of the grid edit, would it be rows * columns? I'm just trying to figure out how large max_input_vars really needs to be. |
4.7.7 is broken
just dispaly a table with 25 out of 98 records and 14 columns and click edit on a random record - other than 4.7.5/4.7.6 you don't get the form part but the error message below in the error_log
[23-Dec-2017 16:37:04 Europe/Vienna] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
[23-Dec-2017 16:37:49 Europe/Vienna] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
[23-Dec-2017 16:38:09 Europe/Vienna] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
[23-Dec-2017 16:38:38 Europe/Vienna] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
The text was updated successfully, but these errors were encountered: