[wp-trac] [WordPress Trac] #37957: WordPress Maximum Post Submit Fields (was: Wordpress Maximum Post Submit Fields)

WordPress Trac noreply at wordpress.org
Tue Sep 6 17:16:18 UTC 2016


#37957: WordPress Maximum Post Submit Fields
-------------------------------+------------------------------
 Reporter:  nathanmemoria      |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Posts, Post Types  |     Version:
 Severity:  normal             |  Resolution:
 Keywords:                     |     Focuses:  administration
-------------------------------+------------------------------
Description changed by SergeyBiryukov:

Old description:

> Wordpress submits post/page/custom post data & metadata in an HTTP post
> request. Because of a DOS vulnerability in PHP
> (http://www.phpclasses.org/blog/post/171-PHP-Vulnerability-May-Halt-
> Millions-of-Servers.html), a limit to php fields was added as the
> default.
>
> It there are 1,000+ fields, the default is not to truncate these fields
> without any notice. Several of my clients have suffered from this issues.
> Specifically, plugins that use a custom post type with a lot of meta data
> will be effected.
>
> This seems to be a core issue rather than a plugin issue. There are two
> solutions:
> Ideally, the data should all be wrapped in one field and submitted (as
> ajax requests currently are), or less ideal there should be a warning
> when data is lost.

New description:

 Wordpress submits post/page/custom post data & metadata in an HTTP post
 request. Because of a DOS vulnerability in PHP
 (http://www.phpclasses.org/blog/post/171-PHP-Vulnerability-May-Halt-
 Millions-of-Servers.html), a limit to php fields was added as the default.

 It there are 1,000+ fields, the default is to truncate these fields
 without any notice. Several of my clients have suffered from this issues.
 Specifically, plugins that use a custom post type with a lot of meta data
 will be effected.

 This seems to be a core issue rather than a plugin issue. There are two
 solutions:
 Ideally, the data should all be wrapped in one field and submitted (as
 ajax requests currently are), or less ideal there should be a warning when
 data is lost.

--

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37957#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list