## General developer forum

We discovered an interesting issue with a very recent (10 jan 2012) version of PHP 5.3.9 and the gradebook. When grades are updated in a very large gradebook (say 40 or 50 columns, say 25 students), we are rapidly in a situation where the browser sends more then a thousand gradeitems in the POST request to the server. In fact, what we saw was that grades of students A-M (say) would be updated, but students (N-Z) grades would not.

As it turns out, PHP5.3.9 introduces a new variable “Added max_input_vars directive to prevent attacks based on hash collisions”. This is supossed to mitigate against denial of service attacks. Its default value is 1000, explaining the behavior.

The solution is setting the new variable max_input_vars to a higher value, maybe by putting the line

php_value max_input_vars 10000

Maybe there are other situations where this unexpected behavior surfaces, we only encountered it in the gradebook.

Hope this helps someone.

Average of ratings: -

With this new hash collision DDOS, it was only a matter of time before this was integrated in PHP.

Average of ratings: -

There are a few issues in tracker that sound like they may be the same problem (or very similar).

MDL-29181

MDL-26275 (disabling Suhosin may also get this working)

Average of ratings: -