Sysadmin grodoudou suhosin bug30 24 10 2012 - Seizam/seizamcore GitHub Wiki

FIX bug 30 (Suhosin and img_auth with special characters)

• user : root
• host : grodoudou.seizam.com
• date : 10/01/13 11:39
• curpath : /root

• Edit /etc/php5/apache2/php.ini, see [1]

 [email protected]# /etc/init.d/apache2 reload

• [1] Edit /etc/php5/apache2/php.ini

--- old	2013-01-10 11:40:09.000000000 +0000
+++ new	2013-01-10 11:42:36.000000000 +0000
@@ -1860 +1860,11 @@
 suhosin.get.max_value_length=1024
+
+; When set to On the dangerous characters <>"'` are replaced with ? in
+; the server variables PHP_SELF, PATH_TRANSLATED and PATH_INFO. This will
+; protect against some XSS vulnerabilities.
+;
+; THIS FEATURE HAS BEEN DISABLED BECAUSE IT BREAKS img_auth.php
+;
+suhosin.server.strip=0
+
+