About: Some hosts with suhosin installed have the value set to the default (512) which can end up with your config.inc.php file set to blank; the below check sits on your admin landing page and displays a warning if this value is below 2048 (as recommended by Mediawiki, so I figure it's a good round number for us as well).
Basically, when we save a page in the CP it will save every value in the CP back to the config file, which can easily go over some configured suhosin values. The below check also will display what the current value is.
We have a writeup at the UBBDev Wikihere with more information.
About suhosin: Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.
Install Instructions: In /admin/login.php Find:
Code
if ($ubbt_admin) { $ubbt_admin = unserialize($ubbt_admin); }
Add Below:
Code
// suhosin Check by VNC Web Services (http://www.virtualnightclub.net/) if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) { if(ini_get("suhosin.get.max_value_length") <= 2048) { $suhosin = "You may experience issues with a blank configuration file if you continue, please see <a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBBDev Wiki: Issues with suhosin</a>; this issue pertains to the settings of the suhosin module with your webhost. Your current suhousin length is: ". ini_get("suhosin.get.max_value_length") ."."; } else { $suhosin = ""; } }
Wow.. embarrassed to admit that I didn't know what this was. For any one else, here's the short description.
Quote
Suhosin (pronounced 'su-ho-shin') is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.
So now my next challenge is to figure out how to find out if my Host vendor has it installed.
I expanded on the about section when I got more time (coded while baby was taking a nap, written up while she was eating a snack, lol).
It's generally installed for buffer overflow protection, but is rarely adjusted from the default value of 512, this check reports an error if the value is less than 2048.
Well, the package that's received from their site has the default of 512, 2048 is more than capable for your config (in fact, this script shows a warning of anything below that value).
MOST users are on shared hosts, which means they generally cannot edit this value (and a lot of fly by night hosts just install things vs messing with their default values).
Interesting. I'm on a VPS with Webintellects and supposedly have FULL ACCESS to my virtual server. But there is no suhosin listed in the info section.
If the phpinfo doesn't report suhosin then it shouldn't be installed on your server; every php module loaded should indicate itself in one way or another via phpinfo.
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
