It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.

Issues with the PHP Module 'suhosin' · Article

What Is Covered

Summary
Recommended Values
Install Check
Discussion


 

Summary


The PHP suhosin module can wreak havock with your UBB.threads install and other scripts that you may have hosted on your site, more specifically it can clear your /includes/config.inc.php to be 0bytes/blank. All variables that you can set on your install are passed along with each page submission, which on a default install of suhousin can result in an empty /includes/config.inc.php. To get around this, we recommend some very basic values to replace the defaults that ship with the default configuration for you to supply to your webhost.


 

Recommended Values


A minimum recommended value of 2048 will work fine for most users, but you'll have to contact your webhost to increase this limit in the php.ini for your site (a reference of this can be found regarding Mediawiki.


 

Install Check


Prior to v7.6.0 a check was unavailable in the stock packages; but has been added to the initial install screens. Additionally, a check has been added to the landing page of the Control Panel, and you can install the UBB.threads System Requirements Test package, which tests your server for the default configuration.


 

Discussion


Here I discuss the issue and a fix, in summary; below is a transcript of that post.

Quote
I'm pretty sure I've found the culprit, I'll type out an explanation here for you to give to your host:
[quote]I believe that the issue lies with the suhousin module installed on the server. By default suhousin will limit the amount of variables that php can read as a protection from buffer overflows. With our script, UBB.Threads, when the config file (config.inc.php) is written it will submit all configuration variables as post data which can exceed the amount of variables which suhousin can process; this limit will need to either be removed or increased to alleviate the issue where the config file will write blank data which will disable the forum until a backup file can be restored.
[/quote]

And I'll type out a statement for the search feature so that this thread can be easily located in the future:
Quote
Too many configuration variables are being submitted for the "suhosin" module and it's clearing out the configuration "config.inc.php" file.


I really just want to quote Rick, who is missed dearly
Quote
suhosin strikes again. For anyone following along or comes across this in a search. suhosin is limiting the amount of form variables that can be passed to the script and discarding the rest.


More information on what "suhousin" is, that I posted in one of the threads I'm linking to below:
Quote
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Unlike the PHP Hardening-Patch Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.


Here I will provide some "handy dandy" references so that I don't have to hit my head against the wall next time:
Display and Feature settings gone and will not reset
7.5.5 all moderator permissions gone if you try to update mod group
Losing forums??
Losing forums??

In fact, you might as well just link your host to this particular posting, with this url.
Posted By Gremelin Posted on January 14th, 2015 · Updated on January 13th, 2017
▼ Sponsored Links ▼
▲ Sponsored Links ▲

Comments

( Posted)