#3961 (ok 4.0.4) Avoid Suhosin warning when in simulation mode

4.0.2
fixed
None
1
2013-06-17
2013-06-01
sagitta
No

The Suhosin warning appears correctly, but if you disable Suhosin with the PHP Flag "suhosin.simulation = On" it's still there.

I think the warning is no longer needed, because in the documentation it says: "When Suhosin runs in simulation mode, violations are logged as usual, but nothing is blocked or removed from the request.".
See: http://www.hardened-php.net/suhosin/configuration.html#suhosin.simulation

Discussion

  • Marc Delisle

    Marc Delisle - 2013-06-02
    • assigned_to: Marc Delisle
     
  • Marc Delisle

    Marc Delisle - 2013-06-02

    Can you confirm that this patch fixes the problem?

    diff --git a/index.php b/index.php
    index 96f6969..30ff2ac 100644
    --- a/index.php
    +++ b/index.php
    @@ -519,6 +519,7 @@ if (function_exists('PMA_DBI_get_client_info') && !PMA_DRIZZLE) {
      */
     if ($cfg['SuhosinDisableWarning'] == false
         && @ini_get('suhosin.request.max_value_length')
    +    && 'on' !== strtolower(@ini_get('suhosin.simulation'))
     ) {
         trigger_error(
             sprintf(
    
     
    Last edit: Marc Delisle 2013-06-02
  • sagitta

    sagitta - 2013-06-02

    This patch doesn't fix the problem for me.

    In the VHost config, it's enabled with "php_flag suhosin.simulation On" and phpinfo also shows "On".
    If I run "var_dump(ini_get('suhosin.simulation'));", I get string(1) "1" if its enabled and string(1) "0" if its disabled.

    I'm using PHP Version 5.3.10-1ubuntu3.6 with Suhosin Patch 0.9.10 and Suhosin Extension 0.9.33

     
  • Marc Delisle

    Marc Delisle - 2013-06-02

    Great, so try this:
    diff --git a/index.php b/index.php
    index 96f6969..012b392 100644
    --- a/index.php
    +++ b/index.php
    @@ -519,6 +519,8 @@ if (function_exists('PMA_DBI_get_client_info') && !PMA_DRIZZLE) {
    */
    if ($cfg['SuhosinDisableWarning'] == false
    && @ini_get('suhosin.request.max_value_length')
    + // warn about Suhosin only if its simulation mode is not enabled
    + && @ini_get('suhosin.simulation') == '0'
    ) {
    trigger_error(
    sprintf(

     
  • sagitta

    sagitta - 2013-06-02

    It's working now. Thanks for the quick response btw.

     
  • Marc Delisle

    Marc Delisle - 2013-06-02
    • summary: Suhosin Warning --> (ok 4.0.4) Avoid Suhosin warning when in simulation mode
    • status: open --> open-fixed
    • Priority: 5 --> 1
     
  • Marc Delisle

    Marc Delisle - 2013-06-02

    And thank you for the precise bug report and subsequent feedback.

     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: open-fixed --> resolved
     
  • Marc Delisle

    Marc Delisle - 2013-06-17
    • Status: resolved --> fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks