HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


The PHP Suhosin extension

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#97920 (In Topic #19368)

Honoured member

I went to "Edit in zone editor," and either this message just popped up or I've never noticed it before:

Code

The PHP Suhosin extension is configured with asuhosin.post.max_totalname_length
setting that is too small. This will stop this form for saving. Please consult the
recommended.htaccessfile, or your web host.
The PHP Suhosin extension is configured with asuhosin.request.max_totalname_length
setting that is too small. This will stop this form for saving. Please consult the
recommended.htaccessfile, or your web host.

So I looked inside the recommended.htaccess file and copied the lines:

Code

php_value suhosin.post.max_vars "2000"
php_value suhosin.request.max_vars "2000"
php_value suhosin.cookie.max_vars "400"
php_value suhosin.cookie.max_name_length "150"
php_value suhosin.post.max_value_length "100000000"
php_value suhosin.request.max_value_length "100000000"
php_value suhosin.post.max_totalname_length "10000"
php_value suhosin.request.max_totalname_length "10000"
php_flag suhosin.cookie.encrypt off
php_flag suhosin.sql.union off

and now I'm getting a 500 error when trying to access my site.  I went back in and deleted those lines and it's back up, but I'm still getting the errors.  Did I copy something wrong?
Back to the top
 
Posted
Rating:
#97921
Avatar

If PHP is running as CGI, unfortunately you cannot do this. I will take a look at this later. I suspect the error may be a bit oversensitive. There are a few forms on the zone editor and it probably counts them together when it shouldn't really.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#97924
Avatar

Okay, so we were actually running an approximation on this. I have altered the code to do it accurately, and the zone editor on your site is using 137 of the default suhosin 256 limit.

I have an intense dislike to webhosts shoving ill-considered defaults from unofficial sources on there (if suhosin was agreed as a good thing, it'd be part of the standard PHP). Even though we're not really exceeding 256, it is an absolutely tiny limit: if the form had 25 fields rather than 15 we'd be over that limit.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#97925
Avatar

Right, a bit more info. Your server is running FastCGI, which means that you cannot easily change the PHP settings. It might be possible via a special cpanel setting, but I don't know if it is off-the-top-of-my-head. If you get this warning again I'd advise discussing it with the web host. Give them the URL to the form it happens and tell them you're only trying to do something reasonable on the server and they're placing unreasonable restrictions. That should make them change their default ;).


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#97930

Honoured member

Thanks Chris, everything you said makes sense.  I've been very unhappy with my host for some time now.  A while back they install Mod Security on the server and from that time on everytime I install a copy of ocP I have to fight tooth and nail with them till they relax match pairs on the account till it works right.  I understand the need for security, but it's a little rediculous.  I'll be moving my personal sites to Arvixe the first of the month, which I signed up for through a link off the Download page here.  I'm assuming it was an affiliate link.  I had been doing some web hosting for friends and such for a few years now, but I've got so many irons in the fire these days that it's all I can do just to keep content on my own site up and fresh.  I really liked the fact that Arvixe supports ocPortal to the point of having an auto install when you sign up for their service.  Maybe things like this will be in the past for me now.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: