UBB suhosin Check

Print Thread

Rate Thread

UBB suhosin Check #320651 01/14/2015 7:13 AM
Joined: Jan 2000 Posts: 5,833 Likes: 20 Portland, OR, USA Gizmo UBBDev / UBBWiki Owner Time Lord
Gizmo UBBDev / UBBWiki Owner Time Lord Joined: Jan 2000 Posts: 5,833 Likes: 20 Portland, OR, USA	Title: UBB suhosin Check Author: Gizmo (James of VNC Web Services) Requirements: UBB 7.x Current Version: v0.1 Stock in UBB.Threads 7.5.9 About: Some hosts with suhosin installed have the value set to the default (512) which can end up with your config.inc.php file set to blank; the below check sits on your admin landing page and displays a warning if this value is below 2048 (as recommended by Mediawiki, so I figure it's a good round number for us as well). Basically, when we save a page in the CP it will save every value in the CP back to the config file, which can easily go over some configured suhosin values. The below check also will display what the current value is. We have a writeup at the UBBDev Wiki here with more information. About suhosin: Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections. Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer. Install Instructions: In /admin/login.php Find: Code if ($ubbt_admin) { $ubbt_admin = unserialize($ubbt_admin); } Add Below: Code // suhosin Check by VNC Web Services (http://www.virtualnightclub.net/) if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) { if(ini_get("suhosin.get.max_value_length") <= 2048) { $suhosin = "You may experience issues with a blank configuration file if you continue, please see <a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBBDev Wiki: Issues with suhosin</a>; this issue pertains to the settings of the suhosin module with your webhost. Your current suhousin length is: ". ini_get("suhosin.get.max_value_length") ."."; } else { $suhosin = ""; } } In /templates/default/admin/login.tmpl Find: Code if ($user['USER_MEMBERSHIP_LEVEL'] == "Administrator") { echo <<<UBBTPRINT $open <br />[<a href="{$config['BASE_URL']}/admin/dotoggleopen.php">$dotoggle</a>] UBBTPRINT; } Add Above: Code if($suhosin != "") { echo <<<UBBTPRINT <span style="color: #CC0000;">$suhosin</span><br /><br /> UBBTPRINT; } UBB.Dev - Putting Dev into UBB.threads Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance. Forums: A Gardeners Forum, Scouters World, and UGN Security UBB.Threads: My UBB Themes, My UBB Scripts

UBB.Developers Forums UBB.threads 7 Development Addons and Modifications UBB suhosin Check