php - Avoid requests that take much time Apache -


i programm class validates data browsers , 1 of methods validates length of strings, came mind: if sends big string 2 millions of characters or more (or whatever) ?

if use strlen() count bytes, count last bytes. waste count bytes.

after thinking while, made this:

   class validator     {      static public function verify_str_length($str, $min, $max)      {           $i;        $counter = $min;        $msg = "";       // looling until null char found       //        for($i=$min-1;$i<$max;$i++) {           if(!isset($str[$i])) {             if($i == ($min -1)) {                 // if first iteration                 // find null char early.                 // $i starts minimum length allowed, string                 // length lower short                 $msg = 'too short string';                 return -1;             }              return 0;          }        }        if(isset($str[$i])) {          // if reach max , keep without finding null char          // string length higher $max           $msg = 'too long string';            return 1;       }        return 0;        }       //     /*  others methods           ..... */    }

note not need number of characters in string, if higher $min , lower $max. discard others chars.

my question is: idea instead of using strlen() ?

is there way configurate apache stop execution if server takes more x seconds in processing request ?

or can use both options?

thanks in advance!

you can use php's post_max_size directive limit amount of content submitted. careful setting because if have file uploads, have fit within size well.

http://php.net/manual/en/ini.core.php#ini.post-max-size

to limit amount of time spent parsing input data, may use max_input_time.

http://php.net/manual/en/info.configuration.php#ini.max-input-time

to limit execution time, use max_execution_time.

http://php.net/manual/en/info.configuration.php#ini.max-execution-time

you may set these in .htaccess, so:

php_value post_max_size 1m php_value max_execution_time 30 php_value max_input_time 5

for validation, should use php's filter functions, example:

$content = filter_input( input_post, 'content', filter_validate_regexp, [ 'options' => ['regexp' => '/^[\w-]{1,64}$/']] );

this ensure if $_post['content'] not composed of letters, digits, underscores or hyphens, , not between 1 , 64 characters long, not accepted.

http://php.net/manual/en/function.filter-input.php


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

What is happening when Matlab is starting a "parallel pool"? -

running parallel cpu processes in matlab starts command parpool() according documentation , function: [creates] special job on pool of workers, , [connects] matlab client parallel pool. this function takes bit of time execute, on order of 30 seconds. in other multi-cpu paradigms openmp, parallel execution seems totally transparent -- i've never noticed behavior analogous matlab (granted i'm not experienced parallel programming). so, happening between time parpool() called , when finishes executing? takes long? parallel computing toolbox enables run matlab code in parallel using several different paradigms (e.g. jobs , tasks, parfor , spmd , parfeval , batch processing), , run either locally (parallelised across cores in local machine) or remotely (parallelised across machines in cluster - either 1 own, or 1 in cloud). in of these cases, code run on matlab workers , copies of matlab without interactive desktop. if you're intending run on remo...
Read more

php - Cannot override Laravel Spark authentication with own implementation -

during login process of laravel spark need request token of remote api. api stores exact same users , passwords laravel spark application. therefore need username , non hashed password of user during authentication process. i thought overriding authenticated method solution problem. in routes/web.php override post /login endpoint , pointing endpoint own logincontroller: <?php namespace app\http\controllers\auth; use illuminate\support\facades\log; use illuminate\http\request; use laravel\spark\http\controllers\auth\logincontroller sparklogincontroller; class logincontroller extends sparklogincontroller { /** * create new login controller instance. * * @return void */ public function __construct() { parent::__construct(); } /** * handle successful authentication attempt. * * @param request $request * @param \illuminate\contracts\auth\authenticatable $user * @return response */ public fu...
Read more