0

Here is some data that I am POSTing to a PHP script.

$Data =
[
    "Something"      => "1",
    "SomethingElse"  => "2",
    "More"           => "3",
    "Exactly1000000" => substr(file_get_contents("Data2MB.txt"), 0, 1000000),
    "Exactly1000001" => substr(file_get_contents("Data2MB.txt"), 0, 1000001),
    "About2MB"       => file_get_contents("Data2MB.txt"),
];

This has been done using cURL, Guzzle (not using cURL) and via XMLHttpRequest. Both produce identical results.

Posted to:

<?php
print_r($_POST);
?>

Output:

Array
(
    [Something] => 1
    [SomethingElse] => 2
    [More] => 3
    [Exactly1000000] => Z0vp2++85+y9wjFL... (very long random base64)
)

Any string value > 1000000 characters literally disappears BUT is present if the target script shows file_get_contents("php://input")

I have the following PHP parameters set:

max_execution_time      500
max_file_uploads        20
max_input_nesting_level 64
max_input_time          500
max_input_vars          10000
memory_limit            512M
post_max_size           240M

Can anyone advise me on what is going on?

Edit: No, it's not a duplicate question. I know about the upper limits, which can be huge. My example is only sending megabytes and the PHP settings have been altered (above) to create more than enough headroom. For some reason, the keys/values are simply not being seen on my server.

DaveHolt
  • 119
  • 1
  • 3
  • 13

1 Answers1

3

My guess, you most likely have Suhosin installed on the server - that has a setting limiting POST parameter value lengths, and it has exactly that value as the default:

https://suhosin.org/stories/configuration.html#suhosin-post-max-value-length:

suhosin.post.max_value_length
Type: Integer
Default: 1000000
Defines the maximum length of a variable that is registered through a POST request.

04FS
  • 5,660
  • 2
  • 10
  • 21