[TYPO3-core] RFC #12436: Integrate checks concerning Suhosin/Hardened PHP in Install Tool

Marcus Krause marcus#exp2009 at t3sec.info
Sat Nov 7 19:22:18 CET 2009


Oliver Hader schrieb:
> Hi Marcus,
> 
> Marcus Krause schrieb:
>> Hi,
>>
>> Rupert Germann schrieb:
>>> Hi,
>>>
>>> this is a SVN patch request.
>>>
>>> Type: Bugfix
>>>
>>> Bugtracker references:
>>> http://bugs.typo3.org/view.php?id=12436
>>>
>>> Branches: Trunk
>>>
>>> Problem:
>>> The Suhosin/Hardened PHP Project allows to set limits to several PHP
>>> transmission (e.g. number of POST arguments) that might result to
>>> misbehaviours in TYPO3, in e.g.
>>> * Install-Tool: All configuration
>>> * Install-Tool: DB Analyzer
>>> * Inline Releational Record Editing with nested child records
>>>
>>> Solution:
>>> A part in the install tool should check whether Suhosin is active and
>>> whether the PHP configuration for that should be changed - e.g.:
>>> * suhosin.request.max_vars - default is 200, should be 500 or more
>>> * suhosin.post.max_vars - default is 200, should be 400 or more
>> Are there any tests/bug reports that indicate the necessity to raise
>> those limits?
>> On the first glance the defaults seem to be suffcient.
> 
> ... as pointed out in the problem description.
> All configuration in install tool produces about 190 items, combined
> with some cookies, it could reach the request limit of 200.

Thanks for the numbers; that's all I was asking or. ;-)

+1 by reading (patch doesn't cleanly apply to current trunk)

Marcus.


More information about the TYPO3-team-core mailing list