Dear developers,
yesterday I activated the Suhosin extension
http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installin...
with the following settings:
###
[suhosin]
suhosin.simulation = on
/* gal/php.ini */
suhosin.session.encrypt = Off
suhosin.log.syslog = 0
/* S_ALL */
suhosin.log.sapi = 511
suhosin.log.file = 511
suhosin.log.file.name = /home/phpapps/installed/logs/php-suhosin.log
suhosin.log.use-x-forwarded-for = on
suhosin.executor.include.max_traversal = 2
suhosin.executor.disable_eval = on
suhosin.executor.disable_emodifier = on
suhosin.memory_limit = 1
###
I get a lot of the following messages in php-suhosin.log:
###
Oct 16 16:07:53 [30611] ALERT-SIMULATION - use of eval is forbidden by configuration (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/rcube_template.php', line 782)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strpos() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 540)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strtr() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 554)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: preg_replace() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 557)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: nl2br() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 559)
###
Do you know this issue with suhosin? Do you plan to move to another template engine or do you stay on your own?
BR Aleks
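
A triage sketch for the simulation-mode log quoted above, added here as an example and not part of the original post or of Roundcube or Suhosin code. It groups the alerts into eval() call sites and the functions invoked from eval'd code, so the affected code paths can be reviewed before suhosin.simulation is switched off. The line format is inferred from the five quoted log lines only, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# The five log lines quoted in the message above.
SAMPLE_LOG = """\
Oct 16 16:07:53 [30611] ALERT-SIMULATION - use of eval is forbidden by configuration (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/rcube_template.php', line 782)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strpos() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 540)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strtr() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 554)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: preg_replace() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 557)
Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: nl2br() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 559)
"""

# Assumption: every alert line follows the layout of the quoted samples.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \[(?P<pid>\d+)\] (?P<level>ALERT(?:-SIMULATION)?) - "
    r"(?P<msg>.*?) \(attacker '(?P<ip>[^']*)', file '(?P<file>[^']*)'"
    r"(?:, line (?P<line>\d+))?\)$"
)
FUNC_RE = re.compile(r"function outside of eval whitelist called: (\w+)\(\)")

def parse(log_text):
    """Return (records, unparsed); lines that do not match are kept, not dropped."""
    records, unparsed = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            records.append(m.groupdict())
        elif raw.strip():
            unparsed.append(raw.strip())
    return records, unparsed

def summarize(records):
    """Group alerts into eval() call sites and functions run from eval'd code."""
    eval_sites, functions = set(), defaultdict(set)
    for r in records:
        site = (r["file"], int(r["line"] or 0))  # 0 when no line number was logged
        f = FUNC_RE.search(r["msg"])
        if f:
            functions[f.group(1)].add(site)
        elif "use of eval is forbidden" in r["msg"]:
            eval_sites.add(site)
    return {
        "simulated": sum(r["level"] == "ALERT-SIMULATION" for r in records),
        "eval_sites": sorted(eval_sites),
        "functions": {name: sorted(s) for name, s in sorted(functions.items())},
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)[0]))
```
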