UBB suhosin Check - 01/14/2015 2:13 PM
Title: UBB suhosin Check
Author: Gizmo (James of VNC Web Services)
Requirements: UBB 7.x
Current Version: v0.1
About:
Some hosts with suhosin installed have the value set to the default (512) which can end up with your config.inc.php file set to blank; the below check sits on your admin landing page and displays a warning if this value is below 2048 (as recommended by Mediawiki, so I figure it's a good round number for us as well).
Basically, when we save a page in the CP it will save every value in the CP back to the config file, which can easily go over some configured suhosin values. The below check also will display what the current value is.
We have a writeup at the UBB.Wiki here with more information.
About suhosin:
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.
Install Instructions:
In /admin/login.php Find:
Add Below:
In /templates/default/admin/login.tmpl Find:
Add Above:
Author: Gizmo (James of VNC Web Services)
Requirements: UBB 7.x
Current Version: v0.1
Stock in UBB.Threads 7.5.9
About:
Some hosts with suhosin installed have the value set to the default (512) which can end up with your config.inc.php file set to blank; the below check sits on your admin landing page and displays a warning if this value is below 2048 (as recommended by Mediawiki, so I figure it's a good round number for us as well).
Basically, when we save a page in the CP it will save every value in the CP back to the config file, which can easily go over some configured suhosin values. The below check also will display what the current value is.
We have a writeup at the UBB.Wiki here with more information.
About suhosin:
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.
Install Instructions:
In /admin/login.php Find:
Code
if ($ubbt_admin) {
$ubbt_admin = unserialize($ubbt_admin);
}Add Below:
Code
// suhosin Check by VNC Web Services (http://www.virtualnightclub.net/)
if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) {
if(ini_get("suhosin.get.max_value_length") <= 2048) {
$suhosin = "You may experience issues with a blank configuration file if you continue, please see <a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBB.Wiki: Issues with suhosin</a>; this issue pertains to the settings of the suhosin module with your webhost. Your current suhousin length is: ". ini_get("suhosin.get.max_value_length") .".";
} else {
$suhosin = "";
}
}
In /templates/default/admin/login.tmpl Find:
Code
if ($user['USER_MEMBERSHIP_LEVEL'] == "Administrator") {
echo <<<UBBTPRINT
$open <br />[<a href="{$config['BASE_URL']}/admin/dotoggleopen.php">$dotoggle</a>]
UBBTPRINT;
}Add Above:
Code
if($suhosin != "") {
echo <<<UBBTPRINT
<span style="color: #CC0000;">$suhosin</span><br /><br />
UBBTPRINT;
}
