Re: [PHP] Updated PHP breaks processing-intense Procedure

2013-04-24 Thread Jim Lucas
On 04/24/2013 03:24 PM, Ken Kixmoeller wrote: Thanks, Jim --- Is this different from the "max_input_vars" discussion above? (from David OBrien) yes. For example... php.ini:[suhosin] php.ini:;suhosin.log.syslog = php.ini:;suhosin.log.syslog.facility = php.ini:;suhosin.log.syslo

Re: [PHP] suhosin and sessions

2009-04-04 Thread Michael A. Peters
Michael A. Peters wrote: suhosin forum is currently down so I can't ask there. I'm using https for login but the rest of the site is not https www.domain.com is regular secure.domain.com is https I set the session cookie this way: ini_set("session.cookie_domain","

Re: [PHP] Updated PHP breaks processing-intense Procedure

2013-04-24 Thread Ken Kixmoeller
Thank you very much, Jim --- On Wed, Apr 24, 2013 at 5:34 PM, Jim Lucas wrote: > On 04/24/2013 03:24 PM, Ken Kixmoeller wrote: > >> Thanks, Jim --- >> >> Is this different from the "max_input_vars" discussion above? (from David >> OBrien) >>

Re: [PHP] Updated PHP breaks processing-intense Procedure

2013-04-25 Thread Ken Kixmoeller
>>> Thanks, Jim --- >>> >>> Is this different from the "max_input_vars" discussion above? (from David >>> OBrien) >>> >> >> yes. For example... >> >> php.ini:[suhosin] >> php.ini:;suhosin.log.syslog = >> php.ini:

[PHP] [ANNOUNCE] Suhosin 0.9.6 - Advanced PHP Protection System

2006-10-02 Thread Stefan Esser
v0.9.6 Suhosin v0.9.6 - October 2, 2006 Announcement The Hardened-PHP Project is proud to announce the immediate availability of the first stable releases of Suh

[PHP] suhosin and sessions

2009-04-04 Thread Michael A. Peters
suhosin forum is currently down so I can't ask there. I'm using https for login but the rest of the site is not https www.domain.com is regular secure.domain.com is https I set the session cookie this way: ini_set("session.cookie_domain",".domain.com"); Works

Re: [PHP] phpMyAdmin, suhosin, proper solutions

2009-04-05 Thread Michael A. Peters
Chris wrote: Yes, I read the documentation on how to make them play nice, and to me it is unacceptable to change suhosin settings intended to protect my users and my site from a malicious user so that I can use a web app that is not open to the public. No idea what the problems are (couldn'

[PHP] [solved] Re: [PHP] phpMyAdmin, suhosin, proper solutions

2009-04-05 Thread Michael A. Peters
Michael A. Peters wrote: Chris wrote: Yes, I read the documentation on how to make them play nice, and to me it is unacceptable to change suhosin settings intended to protect my users and my site from a malicious user so that I can use a web app that is not open to the public. No idea what

Re: [PHP] PHP 5.16 and Sihuson

2006-10-18 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2006-10-18 10:57:52 -0600: > php -v > PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59) > Copyright (c) 1997-2006 The PHP Group > Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies > > This configuration cause no end of probl

[PHP] PHP 5.16 and Sihuson

2006-10-18 Thread Google Kreme
php -v PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies This configuration cause no end of problems, and I finally compiled php without the Suhosin-Patch. Everything is

Re: [PHP] suhosin simulation blocks script

2010-11-04 Thread David Oros
Hi, I am just wondering if anybody have the same experience. Yes, I noticed that the Suhosin forum is down for maintenance, as soon as possible I will write them too. Answer to the question about apache, yes I did restart it. It just doesn`t make any sense. Regards, -- David Oros System

Re: [PHP] PHP 5.16 and Sihuson

2006-10-18 Thread Chris
Google Kreme wrote: php -v PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies This configuration cause no end of problems, and I finally compiled php without the Suhosin

Re: [PHP] phpMyAdmin, suhosin, proper solutions

2009-04-05 Thread Chris
Yes, I read the documentation on how to make them play nice, and to me it is unacceptable to change suhosin settings intended to protect my users and my site from a malicious user so that I can use a web app that is not open to the public. No idea what the problems are (couldn't find a

Re: [PHP] suhosin simulation blocks script

2010-11-04 Thread Daniel P. Brown
2010/11/4 David Oros : > > I have scripts that need for example exec() functions, but in general conf - > suhosin.ini the exec function is disabled, so I turned on suhosin simulation > mode. Now it is logging ALERT-SIMULATION messages in syslog, but it also > blocks the sc

Re: [PHP] $_POST superglobal empty, while readfile("php://input") does return data.

2007-11-03 Thread Mackatack
t browser related because I tested it another server and it did work using FF and IE7. Im using PHP Version 5.2.4_p20070914-pl2-gentoo, with suhosin and the ZendOptimizer on Linux AMD64. I've also set the max_post and max_upload to 1024M for testing... Nothing works... :( Does anyone have

[PHP] suhosin simulation blocks script

2010-11-04 Thread David Oros
Hello, I am searching through the internet how to work with suhosin. I am using debian lenny with apache2 and php 5.2 in production and my problem is: I have scripts that need for example exec() functions, but in general conf - suhosin.ini the exec function is disabled, so I turned on

Re: [PHP] Which file "Included" me?

2009-02-18 Thread Shawn McKenzie
>> I do not understand the exploit. How is he spoofing any $_SERVER >> variables? The attack description doesn't make sense. >> > > Did you actually try his example? > Some browsers may have some client side protection and not execute it. I > believe suhos

Re: [PHP] PHP 5.3.0 Released!

2009-07-01 Thread Michael A. Peters
work dandy on php 5.2.9 - so somewhere something ain't quite right. No seg fault if I don't load the suhosin module. (suhosin not an issue in 5.2.9) - works as expected, so suhosin needs an update. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: htt

Re: [PHP] $_POST superglobal empty, while readfile("php://input") does return data.

2007-11-03 Thread Jim Lucas
og. I think it's not browser related because I tested it another server and it did work using FF and IE7. Im using PHP Version 5.2.4_p20070914-pl2-gentoo, with suhosin and the ZendOptimizer on Linux AMD64. I've also set the max_post and max_upload to 1024M for testing... Nothing works...

Re: [PHP] suhosin and 5.4 onwards

2013-08-03 Thread Daniel
Well I do not use suhosin as I can lock down PHP with things like disable_function, disable_classes along with more advance function such as chroot and mod_security. On 8/3/13, Nick Edwards wrote: > Ok, so I know this might start flame wars, but... here goes ;) > > It seems suhosin i

RE: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread Daevid Vincent
> -Original Message- > From: mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 22, 2007 1:32 PM > > > I think a good FAQ entry would be how this patch fits in > with Suhosin > > and what are the comparable/conflicting concepts, are they > comp

Re: [PHP] Is it possible to disable eval()?

2007-08-16 Thread Steffen Ebermann
On Thu, Aug 16, 2007 at 09:50:30PM +0800, hshh wrote: > I try to disable eval() function in php script, but > failed. In php.ini disable_functions=eval is not work, > but other functions. > So, is it possible to disable eval()? Thanks. It don't work because eval() isn't a

Re: [PHP] suhosin and 5.4 onwards

2013-08-03 Thread Lester Caine
Nick Edwards wrote: So, is the general opinion here, from actual "factual experience" and not because you read the same trashy bloggers as I did, in agreeance? is it genuinely true that suhosin is now irrelevant with 5.4 upwards and php is now much safer on its own? Practical exp

[PHP] pcntl_fork behavior with php version 5.1.2

2012-03-29 Thread Ralf Gnädinger
process } else { // child process: while(true) { sleep(10); // do your work -- stripped } } ?> do not work with: PHP 5.1.2 with Suhosin-Patch 0.9.6 (cli) (built: Dec 12 2007 02:42:35) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Z

Re: [PHP] $_POST superglobal empty, while readfile("php://input") does return data.

2007-11-03 Thread Nathan Nobbe
T var to be filled cause the readfile does work. > Also, get requests, cookies and sessions do work... all cept for the > POST data. I couldn't find any errors in the apache error_log. > > I think it's not browser related because I tested it another server and > it did work u

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread Chris
Daevid Vincent wrote: -Original Message- From: mike [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 1:32 PM I think a good FAQ entry would be how this patch fits in with Suhosin and what are the comparable/conflicting concepts, are they compatible with each other etc

Re: [PHP] $_POST superglobal empty, while readfile("php://input")does return data.

2007-11-04 Thread Mackatack
he apache error_log. I think it's not browser related because I tested it another server and it did work using FF and IE7. Im using PHP Version 5.2.4_p20070914-pl2-gentoo, with suhosin and the ZendOptimizer on Linux AMD64. I've also set the max_post and max_upload to 1024M for testing..

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Michael A. Peters
Eddie Drapkin wrote: Suhosin is completely not-related to SQL, though, I don't know why you'd bring it up... I brought it up because suhosin catches many exploits that otherwise get through, including exploits that allow inclusion of remote files that can then be used to run

[PHP] suhosin and 5.4 onwards

2013-08-02 Thread Nick Edwards
Ok, so I know this might start flame wars, but... here goes ;) It seems suhosin is dead as far as 5.4 goes, now, some make allegations that it is no longer needed since php has allegedly incorporated much of its safe guards, but these claims are from self proclaimed experts (a term i use very

Re: [PHP] Is it possible to disable eval()?

2007-08-16 Thread hshh
, but other functions. > > So, is it possible to disable eval()? Thanks. > > It don't work because eval() isn't a function. > > The Suhosin protection system would let you do so. If an option: > http://www.hardened-php.net/suhosin/configuration.html#suhosin.executo

[PHP] phpMyAdmin, suhosin, proper solutions

2009-04-05 Thread Michael A. Peters
Hi - my phpMyAdmin and suhosin are not playing nice. The reality is that I'm only using phpMyAdmin for stuff I haven't yet written an admin interface to in my app, to avoid having to log in via ssh to change stuff. But I'll probably keep phpMyAdmin around anyway. Yes, I read th

Re: [PHP] suhosin simulation blocks script

2010-11-04 Thread Daniel P. Brown
On Thu, Nov 4, 2010 at 12:08, David Oros wrote: > Hi, > > I am just wondering if anybody have the same experience. Yes, I noticed that > the Suhosin forum is down for maintenance, as soon as possible I will write > them too. > > Answer to the question about apache, yes I di

Re: [PHP] pcntl_fork behavior with php version 5.1.2

2012-03-29 Thread Jim Lucas
/bin/env php 0) { exit(0); // close parent process } else { // child process: while(true) { sleep(10); // do your work -- stripped } } ?> do not work with: PHP 5.1.2 with Suhosin-Patch 0.9.6 (cli) (built: Dec 12 2007 02:42:35) Copyright (c) 1997-2006 The

Re: [PHP] Basic question

2010-11-09 Thread Daniel P. Brown
On Tue, Nov 9, 2010 at 02:55, Tseveendorj Ochirlantuu wrote: > Hello, > > I would like to know what is the difference between follows. > > PHP 5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built: Sep 17 2010 13:49:46) > > > and > > PHP 5.1.6-pl6-gentoo (cgi-cgi) T

Re: [PHP] Saving session to database

2013-05-17 Thread Lester Caine
Andrew Ballard wrote: I've found database session storage requires extra diligence in error handling. When I see that error at 0 it is usually because something blew up either before the session handler was ready or after it was torn down. Found the culprit ... Suhosin

Re: [PHP] pcntl_fork behavior with php version 5.1.2

2012-03-29 Thread Ralf Gnädinger
this: >> >> #!/usr/bin/env php >> > >> $pid = pcntl_fork(); >> if ($pid == -1) { >> die('Fork failed!'); >> } else if($pid> 0) { >> >> exit(0); // close parent process >> >> } else { // child process: >> &

Re: [PHP] PHP 5.2.3 - Segmentation fault (core dumped)

2007-09-12 Thread Jon Anderson
st line of what I pasted below: php -v: PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Sep 12 2007 08:59:52) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Segmentation fault (core dumped) In my experience, the Suhosin patch (while exc

Re: [PHP] suhosin and 5.4 onwards

2013-08-03 Thread Res
On 03/08/2013 18:50, Lester Caine wrote: Practical experience is that suhosin does not actually work with 5.4? Not without _unofficial_ patch(es) see attached for sessions, if it doesnt go through on list you can find the patch on github I've had to disable it because of problems

Re: [PHP] problem using crypt() without a salt

2009-01-14 Thread port23user
I figured out that I was running an older version of Suhosin. Apparently this bug is fixed in Suhosin version 0.9.23 . I upgraded and everything works great now. Thanks for the help. Thodoris wrote: > > > If no salt is provided, PHP will auto-generate a standard two character

Re: [PHP] Which file "Included" me?

2009-02-18 Thread Michael A. Peters
make sense. Did you actually try his example? Some browsers may have some client side protection and not execute it. I believe suhosin protects against it server side. NoScript would block it, even if you had scripts enabled globally. foo Put that on a server w/o suhosin, turn of

Re: [PHP] pcntl_fork behavior with php version 5.1.2

2012-03-29 Thread Stuart Dallas
else { // child process: > >while(true) { > sleep(10); >// do your work -- stripped >} > } > ?> > > do not work with: > PHP 5.1.2 with Suhosin-Patch 0.9.6 (cli) (built: Dec 12 2007 02:42:35) > Copyright (c) 1997-2006 The PHP Group > Ze

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-26 Thread Richard Lynch
On Wed, August 22, 2007 3:31 pm, mike wrote: >> I think a good FAQ entry would be how this patch fits in with >> Suhosin >> and what are the comparable/conflicting concepts, are they >> compatible >> with each other etc. >> >> http://www.hardened-php.net

[PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread Colin Guthrie
e Apache 2.0 license and can be > obtained from http://gasp.coresecurity.com/. Sounds interesting. I think a good FAQ entry would be how this patch fits in with Suhosin and what are the comparable/conflicting concepts, are they compatible with each other etc. http://www.hardened-

Re: [PHP] PHP 5.16 and Sihuson

2006-10-19 Thread Google Kreme
On 19 Oct 2006, at 02:30 , Roman Neuhauser wrote: # [EMAIL PROTECTED] / 2006-10-18 10:57:52 -0600: php -v PHP 5.1.6 with Suhosin-Patch 0.9.5 (cli) (built: Oct 18 2006 08:36:59) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies The

[PHP] Bitwise NOT operator?

2010-08-20 Thread Andy McKenzie
er is running an old version of OpenSUSE, and php --version returns: PHP 5.2.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Dec 12 2007 03:51:56) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies I get the same response on an Ubuntu 8.04 LTS server with P

Re: [PHP] pcntl_fork behavior with php version 5.1.2

2012-03-29 Thread Ralf Gnädinger
exit(0); // close parent process > > > > } else { // child process: > > > >while(true) { > >sleep(10); > >// do your work -- stripped > >} > > } > > ?> > > > > do not work with: > > PHP 5.1.2 wi

Re: [PHP] php cli memory leak error

2009-02-19 Thread Jochem Maas
ks = On > > In case I set this to Off it just stops bugging me. But is there a > memory leak? yes. > And if yes should I report this as a bug ? if ( 1. report_memleaks is a core php.ini setting (not suhosin) (I don't recall) 2. you still get the leak if you

Fwd: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-22 Thread Sumit Sharma
st me. Thanks, Sumit. -- Forwarded message -- From: Michael A. Peters Date: Fri, May 22, 2009 at 4:50 AM Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE To: Eddie Drapkin Cc: php-general@lists.php.net Eddie Drapkin wrote: > Suhosin is completely

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread mike
> I think a good FAQ entry would be how this patch fits in with Suhosin > and what are the comparable/conflicting concepts, are they compatible > with each other etc. > > http://www.hardened-php.net/suhosin/a_feature_list.html > > > Both systems are liable to appeal to th

Re: [PHP] php cli memory leak error

2009-02-19 Thread Lewis Wright
M >> >> and the last one I have just noticed (that is why it reports the leak): >> >> report_memleaks = On >> >> In case I set this to Off it just stops bugging me. But is there a >> memory leak? > > yes. > >> And if yes should I report thi

Re: [PHP] php cli memory leak error

2009-02-19 Thread Jochem Maas
input_time = 60 >>> max_execution_time = 120 >>> memory_limit = 128M >>> >>> and the last one I have just noticed (that is why it reports the leak): >>> >>> report_memleaks = On >>> >>> In case I set this to Off it jus

Re: [PHP] preg_match too greedy

2009-07-29 Thread Jim Lucas
Ben Dunlap wrote: > Jim Lucas wrote: >>> I expected 'no match' but get 'match'. > [8<] >> cut/paste your code and it works for me. > > Works for me as well. I get 'no match' from PHP 5.1.2, 5.2.6, and 5.2.8. What > version do you h

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread M. Sokolewicz
mike wrote: I think a good FAQ entry would be how this patch fits in with Suhosin and what are the comparable/conflicting concepts, are they compatible with each other etc. http://www.hardened-php.net/suhosin/a_feature_list.html Both systems are liable to appeal to the same sort of people so

Re: [PHP] Unserialize problem (and or bug)

2007-01-25 Thread Sancar Saran
Hi On Thursday 25 January 2007 02:16, Richard Lynch wrote: > On Wed, January 24, 2007 9:17 am, Sancar Saran wrote: > > After updating company test server to dotdeb 5.2.0 it started to give > > memory > > problems (even 32mb session). I thought it was because of suhosin. And >

[PHP] PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]

2010-06-10 Thread Daevid Vincent
c3bbc Why is the "-r" command line version different? man php: Using parameter -r you can directly execute PHP code simply as you would do inside a .php file when using the eval() function. develo...@mypse:~$ php -v PHP 5.2.4-2ubuntu5.10 with Suhosin-Patch 0.9.6.2 (cli)

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Shawn McKenzie
Eddie Drapkin wrote: > Suhosin is completely not-related to SQL, though, I don't know why you'd > bring it up... Well, because the post that I was replying to brought it up and I happen to agree that it's a good idea even though it has nothing to do with SQL :-) >>

RE: [PHP] Re: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread Daevid Vincent
> -Original Message- > From: mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 22, 2007 6:22 PM > On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: > > I'm agreeing with the ideas behind Grasp & Suhosin - I'm just > > disagreeing wit

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-22 Thread Andrew Williams
idea please suggest me. > > > Thanks, >Sumit. > > > > > > > > -- Forwarded message -- > From: Michael A. Peters > Date: Fri, May 22, 2009 at 4:50 AM > Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE > To: Eddie Drapkin > Cc: php-gen

Re: [PHP] PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]

2010-06-10 Thread Ashley Sheridan
velo...@mypse:~$ php -a > Interactive shell > php > echo md5(strtoupper('$12345678')); > 2d05c0e3d6d22343123eae7f5678e34c > > develo...@mypse:~$ php -r "echo md5(strtoupper('$12345678'));" > b3275960d68fda9d831facc0426c3bbc > > Why is the "-r" command line version d

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Eddie Drapkin
Suhosin is completely not-related to SQL, though, I don't know why you'd bring it up... > > > > On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie wrote: > >> Michael A. Peters wrote: >> > Sumit Sharma wrote: >> >> Hi, >> >> >

[PHP] Basic question

2010-11-08 Thread Tseveendorj Ochirlantuu
Hello, I would like to know what is the difference between follows. PHP 5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built: Sep 17 2010 13:49:46) and PHP 5.1.6-pl6-gentoo (cgi-cgi) One is "cli" another is "cgi-cgi" . Sincerely, Tseveen.

Re: [PHP] Unserialize problem (and or bug)

2007-01-24 Thread Richard Lynch
On Wed, January 24, 2007 9:17 am, Sancar Saran wrote: > After updating company test server to dotdeb 5.2.0 it started to give > memory > problems (even 32mb session). I thought it was because of suhosin. And > I > cannot update that server to vanilla debian php5 package because it >

Re: [PHP] PHP -r, -a and .php return different results based upon " or ' marks !? [BUG]

2010-06-10 Thread Simon J Welsh
shell > php > echo md5(strtoupper('$12345678')); > 2d05c0e3d6d22343123eae7f5678e34c > > develo...@mypse:~$ php -r "echo md5(strtoupper('$12345678'));" > b3275960d68fda9d831facc0426c3bbc > > Why is the "-r" command line version differe

Re: [PHP] Did I find a bug in PHP 5.2.2?

2007-05-24 Thread Richard Lynch
be right there in the directory where you started, or maybe in Apache's bin directory. But somewhere where you would expect to find it. You may also want to check with the Suhosin folks before you post a bug to bugs.php.net, as the first response at bugs.php.net is to take Suhosin out of th

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-22 Thread Andrew Ballard
el A. Peters >> Date: Fri, May 22, 2009 at 4:50 AM >> Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE >> To: Eddie Drapkin >> Cc: php-general@lists.php.net >> >> >> Eddie Drapkin wrote: >> >> > Suhosin is completely not-r

Re: [PHP] Re: PHP 5.3.0 Released!

2009-07-02 Thread Michael A. Peters
(at least according to their bug system) but does not work properly. suhosin module builds and works but kills the ability of pear to properly work (pear packages work fine, it's the package management that suhosin kills - can't even list channels w/o segfault) Many of the

Re: [PHP] Secure PHP Code

2010-11-18 Thread Richard West
Be sure to compile with hardened suhosin patch... RD On Nov 18, 2010, at 12:12 PM, Kaushal Shriyan wrote: > Hi, > > Can the php source code be secured ? > > Thanks > > Kaushal > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, vi

Re: [PHP] preg_match too greedy

2009-07-29 Thread Daniel Kolbo
Jim Lucas wrote: > Ben Dunlap wrote: >> Jim Lucas wrote: >>>> I expected 'no match' but get 'match'. >> [8<] >>> cut/paste your code and it works for me. >> Works for me as well. I get 'no match' from PHP 5.1.2, 5.2.6

[PHP] error_log file error reporting level

2010-08-20 Thread hovnocuc
] error_reporting = E_ALL & ~E_DEPRECATED ;;or E_ALL ^ E_DEPRECATED display_errors = Off log_errors = On error_log = /var/log/php-fpm/php-errors.log [ PHP ] 5.3.3 + suhosin patch 5.3.3-0.9.10 + suhosin extension 0.9.32.1 pecl: imagick-3.0.1RC1, APC-3.1.3p1, geoip-1.0.7, rar-2.0.0 php configure: in

[PHP] apache or php limit?

2011-05-30 Thread Peet Grobler
ct same script works fine on one machine, but not the other, given that apache and php configs are the same. flu:~# apache2 -v Server version: Apache/2.2.16 (Debian) Server built: Mar 22 2011 20:56:31 flu:~# php -v PHP 5.3.3-7+squeeze1 with Suhosin-Patch (cli) (built: Mar 18 2011 17:22:52) Copyrig

[PHP] Why [?php while (true) { sleep(5); } ?] dies on CLI?

2009-06-11 Thread Jean-Pierre Arneodo
Hi! I'm stuck. I don't understand why the php CLI dies after 3 hours in my script. Any idea to solve? Thanks PHP 5.2.9-0.dotdeb.2 with Suhosin-Patch 0.9.7 (cli) (built: Apr 7 2009 20:06:36) Linux ubuntu 2.6.24-19-server #1 SMP Wed Jun 18 14:44:47 UTC 2008 x86_64 GNU/Linux Con

[PHP] Re: PHP 5.2.0 Session Handling Bug? Can someone test this please?

2006-11-16 Thread Colin Guthrie
Frank J. Schima wrote: > The ID never changed for me. > > PHP 5.2.0 > Apache 1.3.33 > Mac OS X 10.4.8 Cheers mate. I guess that could mean its: * Apache 2 thing * x86_64 thing * suhosin thing * mandriva thing More tests to narrow those down would be appreciated if anyone

[PHP] APC - Upload progress problem. apc

2009-09-11 Thread Phred White
Hey folks.. Anybody ever use APC to show upload progress? It sounds really cool, but apc_fetch always returns false a value for uploads. I can apc_add something and fetch it, but not for uploads : ( (set-up: php-apc 3.0.19, Apache2, php 5.2.10, no suhosin patch) There is little info to

Re: [PHP] restricting filesystem access

2008-04-01 Thread Daniel Brown
On Tue, Apr 1, 2008 at 10:04 AM, Richard Lynch <[EMAIL PROTECTED]> wrote: > > PHP runs as the Apache user. > > chown/chmod the source files to not be writable by that user. > > Problem solved. Let's not ignore phpSuExec or suhosin, which are fast-becoming s

[PHP] Re: error_log file error reporting level

2010-09-01 Thread freeman3
> error_log = /var/log/php-fpm/php-errors.log > > [ PHP ] > 5.3.3 + suhosin patch 5.3.3-0.9.10 + suhosin extension 0.9.32.1 > pecl: imagick-3.0.1RC1, APC-3.1.3p1, geoip-1.0.7, rar-2.0.0 > php configure: in the appendix > > [ Expected result ] > php-errors.log containing all e

Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

2009-05-21 Thread Shawn McKenzie
redentials should end > in .php and not .inc, and if at all possible, should be outside the web > root (you can modify the include path to add a directory outside the web > root that has includes - or include the file full path). > > Make sure error reporting is turned off on the pr

[PHP] Re: trying to launch kate from the browser....

2010-01-08 Thread Rene Veerman
r...@ekster:~$ uname -a Linux ekster 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux r...@ekster:~$ apache2 -v Server version: Apache/2.2.12 (Ubuntu) Server built: Nov 12 2009 22:49:46 r...@ekster:~$ php -v PHP 5.2.10-2ubuntu6.3 with Suhosin-Patch 0.9.7 (cli

[PHP] exec() confused by a specially crafted string

2009-10-12 Thread Soner Tari
"22:44:57";s:7:"Process";s:14:"openvpn[31938]";s:3:"Log";s:25:"UDPv4 link local: [undef]";}}'; ?> When you execute bug.php, you will get an empty array printed out: Array ( ) But actually, $output should have contained the string above as elemen

Re: [PHP] exec() confused by a specially crafted string

2009-10-12 Thread Soner Tari
On Mon, 2009-10-12 at 13:21 -0300, Jonathan Tapicer wrote: > Confirmed, it also happens to me on Linux, PHP version: > > PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 21 > 2009 19:52:39) > Copyright (c) 1997-2007 The PHP Group > Zend Engine v2.2.0, Copyright

Re: [PHP] Basic question

2010-11-09 Thread Sharl.Jimh.Tsin
would like to know what is the difference between follows. > > PHP 5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built: Sep 17 2010 13:49:46) > > > and > > PHP 5.1.6-pl6-gentoo (cgi-cgi) > > > > One is "cli" another is "cgi-cgi" . > > Si

Re: [PHP] Re: Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

2007-08-22 Thread mike
On 8/22/07, Chris <[EMAIL PROTECTED]> wrote: > I'm agreeing with the ideas behind Grasp & Suhosin - I'm just > disagreeing with Daevid's comment about them only being for 'newbie' > installations. oh, most definitely. i consider myself a very tight c

Re: [PHP] Php CLI Parser not working

2008-07-30 Thread Daniel Brown
On Wed, Jul 30, 2008 at 4:53 PM, JJB <[EMAIL PROTECTED]> wrote: > > Hi Daniel, > > We are running like: > php mailscript.php > > The version: > > php-v > > PHP 5.2.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Dec 12 2007 03:51:56) Did you check what Jim su

Re: [PHP] Simple open source CMS as a starting point

2009-02-12 Thread Michael A. Peters
created unless you create it in your code, making insertion of XSS code into your site a lot more difficult. Also, I highly recommend you use a server that has php hardened by suhosin. http://www.hardened-php.net/suhosin/ A lot of the exploits (IE from sloppiness with globals) that are fou

Re: [PHP] Simple open source CMS as a starting point

2009-02-12 Thread dzenan . causevic
whatever you do, if you > are starting from scratch, use the php xml DOMDocument class to build > your pages. > > So many of the content management systems out there have XSS exploit > after XSS exploit after XSS exploit. > > By using DOMDocument, a script node can not be created

Re: [PHP] APC problem with PHP

2009-02-10 Thread Nathan Nobbe
er_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3 > zend_optimizer.version=3.3.3 > > > zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so > zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so > > Does APC not play nice with any of these? if i were to guess, those zend_optimizer ones, or less likely, suhosin. afaik, zend_optimizer and apc arent buddies, http://www.webdeveloper.com/forum/showthread.php?t=178217 -nathan

[PHP] Varying session behavior between 2 nearly identical Apache/PHP setups

2006-12-12 Thread Matthew North
/2.2.3 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.0 with Suhosin-Patch mod_ruby/1.2.5 Ruby/1.8.5(2006-08-25) SVN/1.4.2 mod_jk/1.2.15 X-Powered-By: PHP/5.2.0 Set-Cookie: PHPSESSID=WJ33PpO,nphiPAVxrbrWrQEnO5a; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, pos

Re: [PHP] Re: spl_object_hash not hashing unqiue objects BUG

2009-02-12 Thread Jochem Maas
22c9382b40e3edf >> >> Thanks let me know how I should proceed with this. > > Confirmed here. I get different hashes, but the same pattern: > > a1: 79eff28a9757f1a526882d82fe01d0f3 > a2: 4cec55f17563fe4436164f438de7a88c > a3: 79eff28a9757f1a526882d82fe01d0f3 > a4:

[PHP] php cli memory leak error

2009-02-17 Thread Thodoris
ain.c(2015) : Freeing 0x2871F2A8 (43 bytes), script=./bcom.php === Total 1 memory leaks detected === This is hosted on a FreeBSD 7 machine with: PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) Anyone knows what is happening ?? I have to mention that the array is printed as expected. -- Thodoris -- P

[PHP] magic_quotes_gpc on by default??

2010-02-01 Thread Rene Veerman
e to know why, since it's being deprecated anyway: http://nl.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc I'm on PHP 5.2.10-2ubuntu6.4 with Suhosin-Patch 0.9.7 (cli) (built: Jan 6 2010 22:41:56) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2

Re: [PHP] Does ReflectionMethod::setAccessible() do anything?

2010-12-16 Thread Nathan Nobbe
On Thu, Dec 16, 2010 at 6:37 PM, David Harkness wrote: > According to the manual page for setAccessible() [1] the feature is > available with 5.3.2, and I'm running > >5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built: Sep 17 2010 13:49:46) > > so I should be good t

[PHP] Re: JavaScript Injection ???

2011-04-18 Thread Shawn McKenzie
orks. So, what happened? Was there a php > update that prohibited that sort of behavior or did hosts start setting > something to OFF, or what? > > If you know, please explain. > > Thanks, > > tedd Most likely like magic_quotes_gpc. Suhosin-Patch may protect

Re: [PHP] PHP Dev Facts

2008-10-17 Thread András Csányi
2008/10/17 Nathan Rixham <[EMAIL PROTECTED]>: > Evening All, > > I'd be /really/ interested to know who uses what! > > *Procedural or OOP?* OOP but sometimes i have to procedural. > *Dev OS* Gentoo Linux > *Dev PHP Version* PHP 5.2.6-pl7-gentoo with Suhosin-

[PHP] PHP Sockets, problem with remote execution (exec/system)

2010-11-18 Thread Ronny Tiebel
e. (mysql doesnt act like apache or openvpn). Am i missing something? Or is that the default behavior of linux/apache/php/sockets ??? Additional Information about OS etc. Server/Client Debian LennyApache 2.2.9PHP 5.2.6-1+lenny9 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 4 2010 06:0

Re: [PHP] Help securing a server : Owned by W4n73d H4ck3r

2007-11-11 Thread Dimiter Ivanov
(570-) 766-8107 > > > > If at first you don't succeed, stick to what you know best so that you > > can make enough money to pay someone else to do it for you. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > You may try the suhosin patch: http://www.hardened-php.net/suhosin/ I'm using FreeBSD and the current versions of php comes with it selected by default (probably for a good reason) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Benchmark for echoing via comma, concat, inteprolation, and heredoc.

2008-08-27 Thread Colin Guthrie
Robert Cummings wrote: That echo benchmark though... WTF! Yup similar numbers here tho' not quite as staggering on my setup: PHP 5.2.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 25 2008 10:09:21) Copyright (c) 1997-2008 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2008

Re: [PHP] Secure way to handle pw on session.

2008-09-02 Thread Robert Cummings
On Tue, 2008-09-02 at 12:58 -0700, mike wrote: > As an additional note suhosin can transparently encrypt and decrypt > your session data for reasons just like the /tmp issue. It happens > without you needing to configure anything (except to enable or disable > it) I think it i

[PHP] Empty $_REQUEST

2009-01-27 Thread Robert Paulsen
Hi, I have a apache2/php app written for php version 4 and have moved it to a system running php version 5: Old: PHP 4.3.10 New: PHP 5.2.6 with Suhosin-Patch 0.9.6.2 When I run the app I find that $_REQUEST is almost empty. it contains PHPSESSID but none of the data submitted through an

Re: [PHP] Why [?php while (true) { sleep(5); } ?] dies on CLI?

2009-06-11 Thread Ashley Sheridan
On Thu, 2009-06-11 at 10:47 +, Jean-Pierre Arneodo wrote: > Hi! > I'm stuck. > I don't understand why the php CLI dies after 3 hours in my script. > Any idea to solve? > Thanks > > > PHP 5.2.9-0.dotdeb.2 with Suhosin-Patch 0.9.7 (cli) (built: Apr 7 2009

[PHP] Unserialize problem (and or bug)

2007-01-24 Thread Sancar Saran
Hi, After updating company test server to dotdeb 5.2.0 it started to give memory problems (even 32mb session). I thought it was because of suhosin. And I cannot update that server to vanilla debian php5 package because it was a sarge so today my company gives me another debian etch (like my home

Re: [PHP] What PHP version are you using?

2009-10-29 Thread John Black
write for PHP4 if someone would request a custom job but everything else will be 5. My dev machine is running PHP 5.3 with Suhosin-Patch (ARCH Linux) and my main server is currently running PHP 5.1 (CentOS 5) -- John Intelligent Life http://xkcd.com/638/ -- PHP General Mailing List (http
