$_POST key name length?

Question

I am experiencing a very odd behaviour. Say I have the following two <input type='image'> (with the src attribute equal to the name attribute):

<input type='image' name='http://farm1.static.flickr.com/224/471627793_fbda6cecbe_s.jpg'>
<input type='image' name='http://farm5.static.flickr.com/4053/4501238330_c5a85162ef_s.jpg'>

My question is: why does the first input submit and the second one doesn't? I am using CakePHP and if I click on the second image, the $this->params['form'] is empty. But when I click on the first image, everything works fine: the $this->params['form'] contains the correct image name together with it's coordinates from where it was clicked.

This is a very odd behaviour and I believe that this can only happen if $_POST limit its keys' length.

Any help is highly appreciated! Thank you!

Answer 1

PHP itself does not limit field name length for multipart/ or -urlencoded POST requests.

But suhosin does indeed have http://www.hardened-php.net/suhosin/configuration.html#suhosin.post.max_name_length with a default of 64. And your second url is indeed 64 characters long.

Less likely, but also possible is a mod_security setup. It would however spill an error message rather than truncating.

Answer 2

I'm not sure that it's related to the length, according to w3.org:

ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").

so perhaps the problem is related to illegal characters in the name.

Have you tried it in different browsers?