rubo77/circumvent_max_input_vars.php

## circumvent_max_input_vars.php
<html><head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<title>circumvent max_input_vars limit in PHP</title></head>
<body>
<a href="circumvent_max_input_vars.php">restart</a><br>
<?php

/**
 * do the same than parse_str without max_input_vars limitation:
 * Parses $string as if it were the query string passed via a URL and sets variables in the current scope.
 * @param $string array string to parse (not altered like in the original parse_str(), use the second parameter!)
 * @param $result array  If the second parameter is present, variables are stored in this variable as array elements

 * @return bool true or false if $string is an empty string
 *
 * @author rubo77 at https://gist.github.com/rubo77/6821632
 **/
function my_parse_str($string, &$result) {
	if($string==='') return false;
	$result = array();
	// find the pairs "name=value"
	$pairs = explode('&', urldecode($string));
	foreach ($pairs as $pair) {
		// use the original parse_str() on each element
		parse_str($pair, $params);
		$k=key($params);
		if(!isset($result[$k])) $result+=$params;
		else $result[$k]+=$params[$k];
	}
	return true;
}


if(!empty($_REQUEST)) {
	echo count($_REQUEST,1)." num request variables<br>
	<pre>";

	if(isset($_REQUEST['serialized_data'])){
		if(empty($_REQUEST['serialized_data']) and $_REQUEST["num_elements_already_disabled"]) echo "you pressed back and reload - no data sent<br>";
		my_parse_str($_REQUEST['serialized_data'], $params);
		echo count($params,1)." serialized variables:<br>";
		unset($_REQUEST['serialized_data']);
		$_REQUEST+=$params;
	}
	var_export($_REQUEST);
	echo "</pre>";
}else {
	?>
	<h1>hidden form 1 1100 vars</h1>
	<form method="post" id="f2">
		<input type="text" value="v&quot;a" name="somequote"><?
		for($i=0;$i<1100;$i++) echo '<input type="hidden" name="v'.$i.'" value="v'.$i.'">';
		?><textarea name="bla">blubb</textarea>
<select name="bla"><option>test</select>
<input type="submit">
	</form>

	<h1>visible post form 2 with strange characters</h1>
	<form method="post" id="f" action=""><?
		for($i=0;$i<5;$i++) echo '<input type="text" name="v'.$i.'" value="v'.$i.'/&quot&auml;>">';
		?><input type="submit" name="sadosa">
	</form>

	<h1>multidimensional form</h1>
	<form method="post" id="m"><?
		for($i=0;$i<5;$i++) echo '<input type="hidden" value="v'.$i.'" name="v'.$i.'">';
		for($i=0;$i<5;$i++){
			for($k=0;$k<2;$k++){
				echo '<input type="hidden" name="m['.$i.']['.$k.']" value="m'.$i.'_'.$k.'">';
			}
		}
		echo '<input type="hidden" name="m['.$i.']" value="last">';
		for($i=0;$i<3;$i++){
			for($k=0;$k<2;$k++){
				echo '<input type="hidden" name="x['.$i.']['.$k.']" value="x'.$i.'_'.$k.'">';
			}
		}?><input type="submit">
	</form>

	<h1>get form</h1>
	<form method="get" id="g"><?
		for($i=0;$i<10;$i++) echo '<input type="hidden" name="v'.$i.'" value="v'.$i.'">';
		?><input type="submit">
	</form>
	<?


}
?>
	<script>
	// this disables all form elements and creates only one new element that contains all data serialized
	$('form[method="post"]').submit(function() {
		var num_form_elements=$(this).find('input, select, textarea').not('[type="submit"]').length;
		var num_elements_already_disabled=$(this).find('input:disabled, select:disabled, textarea:disabled').length;
		enabled=(num_form_elements-num_elements_already_disabled);
		if($('textarea[name="serialized_data"]', this).length > 0) {
			alert("Backbutton is not supported yet!");
			return false;
		}
		if($('textarea[name="serialized_data"]', this).length > 0 || enabled<=0) {
			alert("Reload of the form is not supported yet!");
			return false;
		}
		var data=$(this).serialize();
		$(this).find('input, select, textarea').not('[type="submit"]').attr("disabled", true);
		$(this).append('	<input type="hidden" name="num_form_elements" value="'+num_form_elements+'">');
		$(this).append('	<input type="hidden" name="num_elements_already_disabled" value="'+num_elements_already_disabled+'">');
		$(this).append('	<textarea style="display:true" name="serialized_data">'+(data)+'</textarea>');
		// maybe in the textarea I have to .replace(/</g,'&lt;') ?

	});
	</script>
</body></html><?
	<html><head>
	<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
	<title>circumvent max_input_vars limit in PHP</title></head>
	<body>
	<a href="circumvent_max_input_vars.php">restart</a><br>
	<?php

	/**
	* do the same than parse_str without max_input_vars limitation:
	* Parses $string as if it were the query string passed via a URL and sets variables in the current scope.
	* @param $string array string to parse (not altered like in the original parse_str(), use the second parameter!)
	* @param $result array If the second parameter is present, variables are stored in this variable as array elements

	* @return bool true or false if $string is an empty string
	*
	* @author rubo77 at https://gist.github.com/rubo77/6821632
	**/
	function my_parse_str($string, &$result) {
	if($string==='') return false;
	$result = array();
	// find the pairs "name=value"
	$pairs = explode('&', urldecode($string));
	foreach ($pairs as $pair) {
	// use the original parse_str() on each element
	parse_str($pair, $params);
	$k=key($params);
	if(!isset($result[$k])) $result+=$params;
	else $result[$k]+=$params[$k];
	}
	return true;
	}


	if(!empty($_REQUEST)) {
	echo count($_REQUEST,1)." num request variables<br>
	<pre>";

	if(isset($_REQUEST['serialized_data'])){
	if(empty($_REQUEST['serialized_data']) and $_REQUEST["num_elements_already_disabled"]) echo "you pressed back and reload - no data sent<br>";
	my_parse_str($_REQUEST['serialized_data'], $params);
	echo count($params,1)." serialized variables:<br>";
	unset($_REQUEST['serialized_data']);
	$_REQUEST+=$params;
	}
	var_export($_REQUEST);
	echo "</pre>";
	}else {
	?>
	<h1>hidden form 1 1100 vars</h1>
	<form method="post" id="f2">
	<input type="text" value="v"a" name="somequote"><?
	for($i=0;$i<1100;$i++) echo '<input type="hidden" name="v'.$i.'" value="v'.$i.'">';
	?><textarea name="bla">blubb</textarea>
	<select name="bla"><option>test</select>
	<input type="submit">
	</form>

	<h1>visible post form 2 with strange characters</h1>
	<form method="post" id="f" action=""><?
	for($i=0;$i<5;$i++) echo '<input type="text" name="v'.$i.'" value="v'.$i.'/&quotä>">';
	?><input type="submit" name="sadosa">
	</form>

	<h1>multidimensional form</h1>
	<form method="post" id="m"><?
	for($i=0;$i<5;$i++) echo '<input type="hidden" value="v'.$i.'" name="v'.$i.'">';
	for($i=0;$i<5;$i++){
	for($k=0;$k<2;$k++){
	echo '<input type="hidden" name="m['.$i.']['.$k.']" value="m'.$i.'_'.$k.'">';
	}
	}
	echo '<input type="hidden" name="m['.$i.']" value="last">';
	for($i=0;$i<3;$i++){
	for($k=0;$k<2;$k++){
	echo '<input type="hidden" name="x['.$i.']['.$k.']" value="x'.$i.'_'.$k.'">';
	}
	}?><input type="submit">
	</form>

	<h1>get form</h1>
	<form method="get" id="g"><?
	for($i=0;$i<10;$i++) echo '<input type="hidden" name="v'.$i.'" value="v'.$i.'">';
	?><input type="submit">
	</form>
	<?


	}
	?>
	<script>
	// this disables all form elements and creates only one new element that contains all data serialized
	$('form[method="post"]').submit(function() {
	var num_form_elements=$(this).find('input, select, textarea').not('[type="submit"]').length;
	var num_elements_already_disabled=$(this).find('input:disabled, select:disabled, textarea:disabled').length;
	enabled=(num_form_elements-num_elements_already_disabled);
	if($('textarea[name="serialized_data"]', this).length > 0) {
	alert("Backbutton is not supported yet!");
	return false;
	}
	if($('textarea[name="serialized_data"]', this).length > 0 \|\| enabled<=0) {
	alert("Reload of the form is not supported yet!");
	return false;
	}
	var data=$(this).serialize();
	$(this).find('input, select, textarea').not('[type="submit"]').attr("disabled", true);
	$(this).append(' <input type="hidden" name="num_form_elements" value="'+num_form_elements+'">');
	$(this).append(' <input type="hidden" name="num_elements_already_disabled" value="'+num_elements_already_disabled+'">');
	$(this).append(' <textarea style="display:true" name="serialized_data">'+(data)+'</textarea>');
	// maybe in the textarea I have to .replace(/</g,'<') ?

	});
	</script>
	</body></html><?