Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Security issue exposed revolving around DOS attack to crash the hashtable storing variables. Read more:
- http://www.redhat.com/archives/enterprise-watch-list/2012-January/msg000...
- http://weblogs.asp.net/scottgu/archive/2011/12/28/asp-net-security-updat...
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885
- http://pkgs.org/centos-5-rhel-5/centos-rhel-updates-x86_64/php53-5.3.3-1...
Patch released to Apache to prevent this by restricting number of variables allowed (Red Hat 5.3.3-1.el5-7.5?).
However, if you have a giant website, trying to administer the menu (with the numerous checkboxes and hidden order fields) results in WSOD (segmentation fault on zend_hash_num_elements). e.g. 1000+ pages.
Two suggestions/requests (should this be a feature request?) --
- if this new setting is configurable via ini_set, would it be possible to increase the limit only on menu pages?
- some kind of paginated menu administration, so we still have access to the enable/disable checkboxes in bulk
I know this may be an edge case, so if I can do this on my Drupal instance instead please let me know.
Comments
Comment #0.0
dzaus CreditAttribution: dzaus commentedmore reading - links
Comment #0.1
dzaus CreditAttribution: dzaus commentedone more reference