Hi Thomas > On 15.01.2015, at 21:08, Thomas Spuhler <[email protected]> wrote: > > On Thursday, January 15, 2015 08:25:33 PM Konrad wrote: >> I'm running RC with PHP 5.6 on Windows using IIS and it performs great. >> So, there is no general compatibility issue. >> >> Konrad >> >> Am 15.01.2015 um 17:45 schrieb Thomas Spuhler: >>> After upgrading php to version 5.6 with all related packages such as >>> apache, I cannot log into >>> my >>> mail account anymore (I am running my own e-mail test server on a >>> virtualbox) >>> >>> I think I am honing in on the problem: >>> I upgraded everything from mageia4 to mageia5 but not: >>> roundcubemail >>> php >>> apache >>> >>> and I do not have problem to login. After updating php (with all php >>> related packages) and >>> apache, I get the following error in journalctl httpd.service >>> >>> Jan 14 17:59:41 vbox.btspuhler.com suhosin[4907]: ALERT - ASCII-NUL chars >>> not allowed within >>> request variables - dropped variable '_url' (attacker '127.0.0.1', file >>> '/usr/share/roundcubemail/index.php') Jan 14 17:59:41 vbox.btspuhler.com >>> suhosin[4907]: ALERT - >>> dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker >>> '127.0.0.1', file >>> '/usr/share/roundcubemail/index.php') >>> >>> Has anybody else experienced this? >>> >>> >>> >>> _______________________________________________ >>> Roundcube Users mailing list >>> [email protected] >>> http://lists.roundcube.net/mailman/listinfo/users > > Is the php-5.6 on windows running with suhosin? > > -- > Best regards > Thomas Spuhler
We're running Roundcube 1.0.4 on Debian Wheezy Apache 2.2.22, PHP 5.6.4, Suhosin v0.9.37.1 - without any issues! When we started with Roundcube (quite some years ago...) we had to disable suhosin.session.encrypt: suhosin.session.encrypt = Off This is probably still required in RC 1.0.x, but I'm unsure about it. We have never encountered any "ASCII-NUL chars not allowed" Suhosin ALERTs with Roundcube. Good luck! -- Philip Iezzi Onlime Webhosting http://www.onlime.ch _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
