#320773 02/02/2015 6:45 AM
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
the current release 7.5.9 has:
Code
// suhosin Check by VNC Web Services (http://www.virtualnightclub.net/)
if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) {
    if(ini_get("suhosin.get.max_value_length") <= 2048) {
        $suhosin = "You may experience issues with a blank configuration file if you continue, please see <a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBBWiki: Issues with suhosin</a>; this issue pertains to the settings of the suhosin module with your webhost. Your current suhousin length is: ". ini_get("suhosin.get.max_value_length") .".";
    } else {
        $suhosin = "";
    }
}
So the way I read it, it only reads
suhosin.get.max_value_length.
If it is less than or equal to 2048, show a warning (add it to $suhosin).
If it is greater than 2048 then the $suhosin value is null.

Now I see Giz has a new enhanced release for this check.

But at UBB I think Jake's issue was well founded.
Probably the host removed suhosin as was quoted.

I guess I need to build a sandbox with a shared host account for 7.5.9 and +.


There is no such thing as stupid questions.
Just stupid answers.
#320776 02/02/2015 6:45 AM
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
I've been hard at work on the Suhosin detection and a Suhosin Information display which will give the user data on what setting is recommended, what settings are being used, and what the default data is.

Data for recommendations is utilized as referenced from PHPMyAdmin's docs (I had to reference a big project).

A bug was also discovered with my initial check and will be updated in the next version (I used equal to or less than, rather than less than, in my test code and didn't get it updated).

If your webhost is running the recommended settings and you're still seeing the warning, you can fix this by editing admin/login.php
Find:
Code
// suhosin Check by VNC Web Services (http://www.virtualnightclub.net/)
if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) {
    if(ini_get("suhosin.get.max_value_length") <= 2048) {
        $suhosin = "You may experience issues with a blank configuration file if you continue, please see <a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBBWiki: Issues with suhosin</a>; this issue pertains to the settings of the suhosin module with your webhost. Your current suhousin length is: ". ini_get("suhosin.get.max_value_length") .".";
    } else {
        $suhosin = "";
    }
}

Replace With
Code
// suhosin Check by VNC Web Services (http://www.virtualnightclub.net/)
if(extension_loaded("suhosin") && ini_get("suhosin.get.max_value_length")) {
    if(ini_get("suhosin.get.max_value_length") < 2048) {
        $suhosintxt = "You may experience issues with a blank configuration file if you continue. Please see \"<a href=\"http://www.ubbwiki.com/article/view/16/issues-with-suhosin.html\" target=\"_blank\">UBBWiki: Issues With Suhosin</a>\". This issue pertains to the settings of the suhosin module with your webhost.";
        $suhosinsize = ini_get("suhosin.get.max_value_length") ;
    } else {
        $suhosintxt = "";
        $suhosinsize = "";
    }
}

The new check that I'm working on will check the following settings:
Quote
suhosin.get.max_value_length < 1024
suhosin.request.max_vars < 2048
suhosin.post.max_vars < 2048

Versus:
Quote
suhosin.get.max_value_length < 2048

For users with Suhosin installed, if you'd be interested in testing the new Suhosin check/info center PLEASE send me a PT or an email james[at]virtualnightclub[dot]net and I'll give you the latest set of coding (you must be running 7.5.8+ in order to use the new code).


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
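
An added example, not part of the post above and not UBB.threads code: one way to check the three settings listed in the post against their thresholds with a strict less-than comparison, reporting each as low, ok or unset. The names `SUHOSIN_MINIMUMS`, `suhosin_report` and the `$read` parameter are hypothetical, and the sample values are constructed so the script runs on a server without Suhosin.

```php
<?php
// Added example; thresholds are the three quoted in the thread.
const SUHOSIN_MINIMUMS = [
    'suhosin.get.max_value_length' => 1024,
    'suhosin.request.max_vars'     => 2048,
    'suhosin.post.max_vars'        => 2048,
];

/**
 * Classify every setting as 'unset', 'low' or 'ok'.
 * $read is a hypothetical injection point; it defaults to ini_get(),
 * which returns false when the option does not exist.
 */
function suhosin_report(?callable $read = null): array
{
    $read = $read ?? 'ini_get';
    $report = [];
    foreach (SUHOSIN_MINIMUMS as $name => $minimum) {
        $raw = $read($name);
        if ($raw === false || $raw === '') {
            $status = 'unset';           // module absent or option not configured
        } elseif ((int) $raw < $minimum) {
            $status = 'low';             // strictly below the recommendation
        } else {
            $status = 'ok';              // a value equal to the threshold passes
        }
        $report[$name] = [
            'current'     => $raw,
            'recommended' => $minimum,
            'status'      => $status,
        ];
    }
    return $report;
}

// Constructed sample: one low value, one exactly at the threshold, one missing.
$sample = [
    'suhosin.get.max_value_length' => '512',
    'suhosin.request.max_vars'     => '2048',
];
$report = suhosin_report(fn($name) => $sample[$name] ?? false);

foreach ($report as $name => $row) {
    printf(
        "%-30s current=%-6s recommended=%-5d %s\n",
        $name,
        $row['current'] === false ? '-' : $row['current'],
        $row['recommended'],
        $row['status']
    );
}
```

Calling `suhosin_report()` with no argument reads the live PHP configuration instead of the sample array.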
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
Yeah, as noted in my OP, the check has an error, the equal can be removed in the check.

The check in a future build is enhanced and has a statistics page; you can test it from here. Once testing is done this archive will be removed.

Note that only users who have Suhosin installed need to test the checker; I've tested it all I can with dummy data.

Screen shots would be most appreciated of your display of the Suhosin Information page.


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Well, my suhosin value length is only 512.
I tried the fix you posted above in the 2nd post even though it is only 512 and the message does not appear at all now.

It all looks correct unless there is some phantom cr/lf in the code.

Anyway I will try your new enhanced version next.


There is no such thing as stupid questions.
Just stupid answers.
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
Hey Ruben; could I convince you to give me FTP access to your site to test this? I can only get so far without having suhosin installed on my server...


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Gizmo #320823 02/18/2015 10:11 AM
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Otay!
I did muddy up the login.php file a bit.
I have not tried your new enhanced version.
Check your PM.


There is no such thing as stupid questions.
Just stupid answers.
Gizmo #320824 02/18/2015 11:34 AM
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
Ok, will try to get a look at it tonight, if not (just found out I have to do a presentation for Trey's school) definitely tomorrow.


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Gizmo #320825 02/18/2015 12:04 PM
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
Ok, well, one, I love your password... Two, I've installed the full Suhosin script and found a few buggies.

As for your issue, I see you're well under the recommended values; go ahead and login to your forum and click the "Suhosin" link that now displays and let me know if anything is awry.

Last edited by Gizmo; 02/18/2015 12:04 PM.

UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Gizmo #320826 02/18/2015 12:23 PM
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
BTW, with the new version, it'll ALWAYS show the warning IF:
suhosin.get.max_value_length < 1024
suhosin.request.max_vars < 2048
suhosin.post.max_vars < 2048

The higher number is good...


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
My wife hates that password; I have several similar to that.

Looks okay.
But I have some questions/concerns.
First the message is the only indication on how to find the statistics.
And the hyperlink is only obvious when you hover over it.
Might be hard for people to find it.

Second on the statistics page I think it is a little busy with three columns.
Why not just display current and recommended?

Also maybe the colors should be different.
So they reflect a change is needed.
For example
Suhosin Status is green for default then red for current then green again for recommended. HUH???. I mean if suhosin is not installed we should not even be here. But why is it green on the default column and most of the others are red on the default column.

Now since my values are set below all the thresholds.
I don't know what is displayed when say some are met.
But I think the colors should indicate a needs attention like green for good and red for fail.

Anyway for a plus.
I think you went well above and beyond with the documentation and help guides for reference. A very nice touch for people that don't know what each value is for.


There is no such thing as stupid questions.
Just stupid answers.
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
Originally Posted by Ruben Rocha
First the message is the only indication on how to find the statistics.
And the hyperlink is only obvious when you hover over it.
Might be hard for people to find it.
Well, if it's not ON you don't need to get to the statistics page... In fact, if it's not on the statistics page is pretty blank (see below). The link will stand out a lot more once the new CP is done.

Originally Posted by Ruben Rocha
Second on the statistics page I think it is a little busy with three columns.
Why not just display current and recommended?
IMHO, a recommendation and default column are required as this page is meant so that one can alert their host and show the extreme differences in what the default vs recommended value are.

Originally Posted by Ruben Rocha
Also maybe the colors should be different.
So they reflect a change is needed.
For example
Suhosin Status is green for default then red for current then green again for recommended. HUH???. I mean if suhosin is not installed we should not even be here. But why is it green on the default column and most of the others are red on the default column.
Green is commonly good, red is commonly bad, blue is commonly neutral; I really fail to see how it's hard to understand... The colors vary based on what values are where (in fact, so does some of the page text as well). They also will be a lot easier to identify with the new Control Panel changes.

Originally Posted by Ruben Rocha
Now since my values are set below all the thresholds.
I don't know what is displayed when say some are met.
But I think the colors should indicate a needs attention like green for good and red for fail.
As they do; there are three photos attached, one from your site Suhosin on with default vars (7.5.9), one with the Suhosin override on which shows a-ok as far as settings go (pay no attention to the UI of the two images, lol), and one showing what it'd look like disabled.

Attachments
SuHosin On.png SuHosin Override.png SuHosin Disabled.png


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Whatever, I still tend to disagree.
But anyway, your second attachment, which is supposed to be good values,
shows suhosin disabled and all the values as unset?????
What the hell does unset mean?


There is no such thing as stupid questions.
Just stupid answers.
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
... Values are set, "unset" means they haven't set a value... The key here is that these are settings you report to your host.

Like I said, my server doesn't have Suhosin installed, so test code just tries to load the variables, and as they aren't configured they aren't set; hence "unset". Generally you'd only have one or two of these that'd be unset, the only reason ALL of mine are unset is because the test code is enabled and it's populating the field with the current settings of the server.

I still fail to see what's wrong with "Good" (green), "Bad" (red), "Ignore" (blue).


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Okay, maybe I will play with the settings to see what happens when they pass.
I just think it is too busy and should just have current and recommended only.
Then maybe the colors will be okay for me.
You already have URLs for each setting that go to suhosin.org, where the details show the defaults.

Chill out, just my 2 cents.


There is no such thing as stupid questions.
Just stupid answers.
Joined: Jan 2000
Posts: 5,833
Likes: 20
UBBDev / UBBWiki Owner
Time Lord
I'm really against removing the defaults column, if there are issues with a setting it provides more info to your host (who users will generally be reporting to) about the very small default values; these checks are generally for servers who just installed the module for security and didn't really configure it.

I pretty much designed this system for the admin to screen shot it and provide it to the host, as your host generally wouldn't have admin access to the UBB control panel. Thus, the links to the descriptions of everything wouldn't be passed along with a screenshot. The links are there so the admin can go and see what each variable is for, basically to enhance your argument that the setting should be increased.

The "unset"/blue wording will be very rare to see, outside of test code as when the module is installed via apt/yum or even compiling it manually, it should insert default values for these items.

And no need to "chill out", I'm perfectly fine; I'm just trying to provide details as a knowledgeable person who worked helpdesk and server administration for a webhost for 9 years; what is displayed there is the data I'd want to see vs being bombarded with links to various config options on a site vs just having the data displayed for me would make me want to go and look into the issue...


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, My UBB Scripts
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Okay, I just modded one value so it would pass and it looks okay.
Current is green and recommended is green.

My opinion would be to make the default column a static normal color, not green, red or blue,
if you want to keep it there.

Making the color red on the default column just makes you think something is wrong with it when you compare it to the other columns.

Still a great mod, even if you ignore me. wink

FYI,
I have 4 sites with the same host same plan and I never have had issues with the config file.
But we need to start somewhere to nail it down for the users.


There is no such thing as stupid questions.
Just stupid answers.
Joined: Jan 2000
Posts: 254
Likes: 4
Beta Tester
Okay I looked at this a little more.
Then I suggest a legend for the colors.
And reading your statement
Quote
I'm just trying to provide details as a knowledgeable person who worked helpdesk and server administration for a webhost for 9 years; what is displayed there is the data I'd want to see vs being bombarded with links to various config options on a site vs just having the data displayed for me
For the average Joe dealing with a help desk,
you could get fancy and add an option to email the info to the host, such as an email button or a text-only screen that they can copy and place in an email to the support desk,
since they probably don't know what most of it means anyway.


There is no such thing as stupid questions.
Just stupid answers.

Moderated by  Gizmo, isaac 
