Fix - PHP: If more parameters are submitted than PHP allows, an error…

… is now shown.
gil04 · Jul 25, 2019 · 2fe6a9e · 2fe6a9e
1 parent ad5f921
commit 2fe6a9e
Showing 1 changed file with 17 additions and 10 deletions.
diff --git a/Editor.php b/Editor.php
@@ -936,20 +936,27 @@ private function _process( $data )
 		$this->_formData = isset($data['data']) ? $data['data'] : null;
 		$validators = $this->_validator;
 
-		if ( $this->_transaction ) {
-			$this->_db->transaction();
+		// Sanity check that data isn't getting truncated as that can lead to data corruption
+		if ( count($data, COUNT_RECURSIVE) == ini_get('max_input_vars') ) {
+			$this->_out['error'] = 'Too many rows edited at the same time (tech info: max_input_vars exceeded).';
 		}
 
-		$this->_prepJoin();
+		if ( ! $this->_out['error'] ) {
+			if ( $this->_transaction ) {
+				$this->_db->transaction();
+			}
 
-		if ( $validators ) {
-			for ( $i=0 ; $i<count($validators) ; $i++ ) {
-				$validator = $validators[$i];
-				$ret = $validator( $this, !isset($data['action']) ? self::ACTION_READ : $data['action'], $data );
+			$this->_prepJoin();
 
-				if ( is_string($ret) ) {
-					$this->_out['error'] = $ret;
-					break;
+			if ( $validators ) {
+				for ( $i=0 ; $i<count($validators) ; $i++ ) {
+					$validator = $validators[$i];
+					$ret = $validator( $this, !isset($data['action']) ? self::ACTION_READ : $data['action'], $data );
+
+					if ( is_string($ret) ) {
+						$this->_out['error'] = $ret;
+						break;
+					}
 				}
 			}
 		}