On 03/08/2013 18:50, Lester Caine wrote:
Practical experience is that suhosin does not actually work with 5.4?
Not without _unofficial_ patch(es) see attached for sessions, if it
doesnt go through on list you can find the patch on github
I've had to disable it because of problems with session handling
amongst other
things and don't have time to investigate why.
There was a patch on suhosin mailing list for that, a few people who
tried it out said it worked. I've not yet bothered, but...
I saw a post from Steffen saying he has no time for suhosin and the
project is being taken over by someone else, I think the jury is out on
if it will ever revive, in meantime, php 5.3 works fine. if only php
devs would stop fscking changing everything every time they release a
new version, frustrating to many.
And people who reply on mod_security are no more protected than what is
being done here, since mod_security has not had the best track record
itself in the past.
Would I prefer to re-enable it - YES - and it's one of a number of
reasons that
have been making switching currently stable PHP5.2 servers over to 5.4
less
attractive.
The amount of time I'm wasting on coping with many of the so called
improvements
across the whole Linux platform is making me feel that commercial
interests are
Thats why I recommend distros that dont want to change the world and
stick by tried and time proven, like slackware and gentoo, but this isnt
an os flame against others, I use opensuse as well on pc's and laptops.
Everything just looks after itself :)
From 117b6aa6efec61afaa1431c698dad8eb553b55f5 Mon Sep 17 00:00:00 2001
From: Olivier Blin <d...@blino.org>
Date: Sun, 31 Mar 2013 01:15:48 +0100
Subject: [PATCH] Fix saving sessions in PHP 5.4 with user session handlers
(fix #12)
When session storage functions are set with session_set_save_handler()
(this is the "mod_user" mode), mod_data will be NULL in PHP 5.4, and
suhosin session hooks will bail out.
PHP 5.4 allows to check this with mod_user_implemented instead.
---
session.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/session.c b/session.c
index 1045a93..513c195 100644
--- a/session.c
+++ b/session.c
@@ -728,7 +728,12 @@ static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int
}*/
/* protect dumb session handlers */
- if (key == NULL || !key[0] || *mod_data == NULL) {
+ if (key == NULL || !key[0] ||
+ (*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+ && !SESSION_G(mod_user_implemented)
+#endif
+ )) {
regenerate:
SDEBUG("regenerating key is %s", key);
KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC);
@@ -777,7 +782,12 @@ static int suhosin_hook_s_write(void **mod_data, const char *key, const char *va
char *v = (char *)val;
/* protect dumb session handlers */
- if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
+ if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
+ (*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+ && !SESSION_G(mod_user_implemented)
+#endif
+ )) {
r = FAILURE;
goto return_write;
}
@@ -820,7 +830,12 @@ static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
int r;
/* protect dumb session handlers */
- if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) {
+ if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
+ (*mod_data == NULL
+#if PHP_VERSION_ID >= 50400
+ && !SESSION_G(mod_user_implemented)
+#endif
+ )) {
return FAILURE;
}
--
1.8.1.5
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
