Manual:Suhosin (Hardened-PHP Project patch and extension)

From MediaWiki.org

Suhosin comes in two separate forms: a patch for the PHP source code and an extension for PHP. Both harden PHP and aim to protect servers and users from known and unknown flaws in PHP. The Suhosin Hardened-PHP Project homepage is http://www.hardened-php.net/suhosin/ [1].

The most common use is to link the Suhosin extension suhosin.so dynamically into PHP. With the extension, you can easily deactivate Suhosin if problems occur by commenting out the line in php.ini that loads it (shown below).

MediaWiki Extension

  • Extension:Suhosin can be used to adapt MediaWiki settings to the Suhosin extension's settings.

Suhosin extension settings for use with MediaWiki

After you have downloaded and installed[2] the extension suhosin.so from http://www.hardened-php.net/suhosin/download.html , you should explicitly set suhosin.get.max_value_length in your php.ini to a higher value (which overrides the Suhosin built-in default of 512), such as

[suhosin]
suhosin.get.max_value_length = 2048
; comment out the following line if you want to run PHP without the Suhosin extension,
; for example, if the extension causes problems
extension=suhosin.so

and add a corresponding setting for $wgResourceLoaderMaxQueryLength[3] to your MediaWiki LocalSettings.php:

$wgResourceLoaderMaxQueryLength = 2048;

or add this code, which adapts dynamically to the suhosin.get.max_value_length setting in php.ini, with your $wgResourceLoaderMaxQueryLength as the upper limit:

$wgResourceLoaderMaxQueryLength = 2048;

if ( extension_loaded( "suhosin" ) && ini_get( "suhosin.get.max_value_length" ) && ( !empty( $wgResourceLoaderMaxQueryLength ) ) ) {
  // Suhosin is active: cap the ResourceLoader query length at Suhosin's GET value limit.
  // ini_get() returns a string, so cast it to keep the setting an integer.
  $wgResourceLoaderMaxQueryLength = min( $wgResourceLoaderMaxQueryLength, (int)ini_get( "suhosin.get.max_value_length" ) );
}

Warning: It has been reported that $wgResourceLoaderMaxQueryLength may not have any effect (at least in MediaWiki 1.21), which makes JavaScript loaded through ResourceLoader fail if suhosin.get.max_value_length is too low.

When installing MediaWiki, the MediaWiki installer auto-detects the current value of suhosin.get.max_value_length and sets $wgResourceLoaderMaxQueryLength to an appropriate value in your LocalSettings.php file.
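
To find out which ResourceLoader requests exceed a given suhosin.get.max_value_length, the following added example (not part of the original manual page, MediaWiki or Suhosin) scans access-log lines for load.php requests and reports GET values longer than the limit. The log lines and module names are constructed samples, and counting the URL-decoded value in bytes is an assumption about how Suhosin measures the length.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SUHOSIN_DEFAULT_LIMIT = 512  # built-in default quoted on this page

# Request part of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[0-9.]+"')

def oversized_params(url, limit=SUHOSIN_DEFAULT_LIMIT):
    """Return [(name, byte_length)] for GET values longer than `limit`.

    Assumption: the limit applies to the URL-decoded value, counted in bytes.
    latin-1 maps each decoded byte to one character, so len() is a byte count.
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True,
                      encoding="latin-1")
    return [(name, len(value)) for name, value in pairs if len(value) > limit]

def audit_log(lines, limit=SUHOSIN_DEFAULT_LIMIT, script="load.php"):
    """Return [(line_no, offenders)] for ResourceLoader requests over `limit`."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a GET/HEAD request line
        url = match.group(1)
        if urlsplit(url).path.rsplit("/", 1)[-1] != script:
            continue  # only ResourceLoader requests matter here
        offenders = oversized_params(url, limit)
        if offenders:
            findings.append((line_no, offenders))
    return findings

# Constructed sample lines (not real traffic); module names are made up.
_PREFIX = '192.0.2.10 - - [01/Jan/2014:12:00:00 +0000] "GET '
_SUFFIX = ' HTTP/1.1" 200 1234 "-" "sample-agent"'
SAMPLE_LOG = [
    _PREFIX + "/w/load.php?lang=en&modules=" + "m" * 600 + "&only=scripts" + _SUFFIX,
    _PREFIX + "/w/load.php?modules=" + "%7C" * 200 + _SUFFIX,    # 200 bytes decoded
    _PREFIX + "/w/index.php?title=" + "T" * 600 + _SUFFIX,       # not load.php
    _PREFIX + "/w/load.php?modules=" + "a%2Cb" * 500 + _SUFFIX,  # 1500 bytes decoded
]

if __name__ == "__main__":
    for limit in (SUHOSIN_DEFAULT_LIMIT, 2048):
        print(limit, audit_log(SAMPLE_LOG, limit))
```

With the default of 512 the first and fourth sample requests are flagged; with the 2048 value suggested above, none are.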

References

  1. The Suhosin author can be contacted through the Suhosin Git repository
  2. Instructions for installing the Suhosin extension
  3. Discussing the automatic setting with the Suhosin author