
10: Suhosin and Dragonfly CMS


Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

It is possible (perhaps even prudent) to use Suhosin in conjunction with your PHP installation; however, some of the installation defaults for Suhosin may conflict with Dragonfly (and potentially other Dragonfly applications). It's important to understand what Suhosin does (and doesn't do), and to realize that conflicts can produce symptoms that are easily confused with other software or configuration failures.

One such conflict is the default setting for the maximum number of variables that may be registered. The indicative symptom is the block manager not saving any changes made in the JavaScript area (add, delete, order changes).

Two settings have to be changed in php.ini from their default size of 200 (example values used here):

Code::
suhosin.post.max_vars = "4096"
suhosin.request.max_vars = "4096"

The value needs to be on the order of (blocks * modules * 5) + 6 if all blocks are included in all modules. So, for example, if you have 10 blocks and 12 modules, it would be:

(10 * 12 * 5) + 6 = 606

and you would put in your php.ini:

Code::
suhosin.post.max_vars = "606"
suhosin.request.max_vars = "606"

These settings only set the upper limit on how many variables can be defined. They don't pre-allocate the variables or cause additional memory to be consumed. Put another way, it is better to err on the side of larger values. Setting the value too low will cause things to work unpredictably. However, do not set the values too high, or you will lose the benefits of limiting the variable memory space (to prevent memory starvation).

Keep in mind that the Suhosin install does not add configuration variables to php.ini by default. Refer to the Suhosin documentation regarding the configuration options [www.hardened-php.net].

There should only be one php.ini file. Its location matters, because PHP applies precedence rules: it looks for its configuration in certain places first, and those places vary by platform. You can find the location of the active php.ini file by going to "Administration Menu > > System Info > > General" in the Dragonfly administration panel and looking for the line that says "Loaded Configuration File". This will be the full file path to the running configuration file (a common location for the file is "/usr/local/bin/php.ini"). That is the file you want to edit. So long as the syntax is correct, placement within the php.ini file doesn't matter. Some php.ini files are divided into sections with comments and such, but that's really only for readability.

Once the edit is complete, you need to restart your web server for changes to the PHP options to take effect.

To check that your changes have taken effect, go to "Administration Menu > > System Info > > PHP Modules" in the Dragonfly administration panel, and look for the lines "suhosin.post.max_vars" and "suhosin.request.max_vars" (you'll see them in a section labeled "suhosin", along with the Suhosin logo) and make sure that the "Local Value" column reflects the number you set each to.

Keep in mind that the Dragonfly administration panel uses the phpinfo() function. If the phpinfo() function is restricted, the php.ini file will probably have a line in it that looks like:

Code::
disable_functions = phpinfo

Other functions might be disabled as well (they'd be comma-separated in that case).
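
When phpinfo() is disabled, the same checks can be made with ini_get(), which reports the effective value (the "Local Value" column). The script below is an added example, not part of Dragonfly or Suhosin; the file name suhosin-check.php and the function names are made up for illustration, and the block and module counts are the sample values from the formula above.

```php
<?php
// suhosin-check.php (hypothetical name): added example, not Dragonfly code.
// Reports the loaded php.ini and compares the effective Suhosin limits
// with the sizing rule from this page.
header('Content-Type: text/plain');

// Sizing rule from this page: (blocks * modules * 5) + 6,
// assuming all blocks are included in all modules.
function required_max_vars($blocks, $modules)
{
    return ($blocks * $modules * 5) + 6;
}

// Effective value of a directive, or null if it is not registered
// (ini_get() returns false when the extension is not loaded).
function effective_limit($directive)
{
    $value = ini_get($directive);
    return $value === false ? null : (int) $value;
}

// True when phpinfo appears in the comma-separated disable_functions list.
function phpinfo_disabled()
{
    $list = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return in_array('phpinfo', $list, true);
}

$blocks  = 10;   // sample value: replace with your own block count
$modules = 12;   // sample value: replace with your own module count
$needed  = required_max_vars($blocks, $modules);

$ini = php_ini_loaded_file();
echo 'Loaded Configuration File: ', ($ini ? $ini : '(none)'), PHP_EOL;
echo 'phpinfo() disabled: ', (phpinfo_disabled() ? 'yes' : 'no'), PHP_EOL;
echo 'Required by sizing rule: ', $needed, PHP_EOL;

if (!extension_loaded('suhosin')) {
    echo 'Suhosin is not loaded, so its limits do not apply.', PHP_EOL;
}
foreach (array('suhosin.post.max_vars', 'suhosin.request.max_vars') as $directive) {
    $limit = effective_limit($directive);
    if ($limit === null) {
        echo $directive, ': not registered', PHP_EOL;
        continue;
    }
    echo $directive, ' = ', $limit, ($limit >= $needed ? ' (OK)' : ' (TOO LOW)'), PHP_EOL;
}
```

Request the script through the web server rather than running it with the command-line PHP binary, which can load a different php.ini, and delete it once the values are confirmed.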

Created: Thursday, June 19, 2008 (22:43:12) by darkgrue
Updated: Monday, August 18, 2008 (06:11:24) by darkgrue