From f3c12ccbad88afd75b4125224f26fffbefbc49ef Mon Sep 17 00:00:00 2001
From: Peter Gribanov <wcode404@gmail.com>
Date: Mon, 18 Oct 2021 17:13:11 +0300
Subject: [PATCH] If there are more input variables on the string than
 specified by max_input_vars directive, then further input variables are
 truncated from the request

---
 src/Format/UrlEncodedFormat.php | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/Format/UrlEncodedFormat.php b/src/Format/UrlEncodedFormat.php
index 8a6a244f..4470d228 100644
--- a/src/Format/UrlEncodedFormat.php
+++ b/src/Format/UrlEncodedFormat.php
@@ -25,8 +25,25 @@ public function encode($data, $humanReadable = false)
 
     public function decode($data)
     {
-        parse_str($data, $r);
-        return self::decoderTypeFix($r);
+        $numberOfVariablesInQuery = substr_count($data, '&') + 1;
+
+        // if there are more input variables on the string than specified by max_input_vars directive, then further
+        // input variables are truncated from the request
+        if ($numberOfVariablesInQuery < (int) ini_get('max_input_vars')) {
+            parse_str($data, $result);
+
+            return self::decoderTypeFix($result);
+        }
+
+        $parsedVariables = [];
+
+        foreach (explode('&', $data) as $variableString) {
+            $parsedVariable = null;
+            parse_str($variableString, $parsedVariable);
+            $parsedVariables[] = $parsedVariable;
+        }
+
+        return self::decoderTypeFix(array_merge_recursive(...$parsedVariables));
     }
 
     public static function encoderTypeFix(array $data)