@anonymous-piwik-user opened this Issue on October 5th 2010

I'm running Piwik 1.0 with FastCgi on a Debian Lenny system.

The SecurityInfo-Plugin says:
1) You are not running PHP with the Suhosin extension loaded. We recommend both the patch and extension for low- and high-level protections including transparent cookie encryption and remote inclusion vulnerabilities.

2) You are not running PHP with the Suhosin patch applied. We recommend both the patch and extension for low- and high-level protections against (for example) buffer overflows and format string vulnerabilities.

The php tells me:
/usr/bin/php5-cgi --version
PHP 5.2.6-1+lenny9 with Suhosin-Patch 0.9.6.2 (cgi-fcgi) (built: Aug 4 2010 05:59:13)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

Same message when calling phpinfo in the piwik dir.
Keywords: feedback

@robocoder commented on October 5th 2010 Contributor

Perhaps the web server is using a different php binary?

Try again with this script:

<?php
print_r(get_loaded_extensions()); // this should contain "suhosin" if you have the Suhosin extension
print_r(get_defined_constants()); // this should contain SUHOSIN_PATCH if the Suhosin patch was applied

@anonymous-piwik-user commented on October 5th 2010

1)
$exts = get_loaded_extensions(); // $exts doesn't contain "suhosin"

2)
$constants = get_defined_constants(); // $constants[= 1, $constants'SUHOSIN_PATCH' = 0.9.6.2

According to this the opened bug can be closed by 50%. It seems that the extension is not loaded and therefore the notice about the extension is correct.
But the notice about the patch shouldn't be given.

@robocoder commented on October 6th 2010 Contributor

(In [3237]) fixes #1753, refs #1310 - get_defined_constants(false) is broken prior to php 5.2.11

This Issue was closed on October 6th 2010
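
A diagnostic along the lines of the check discussed above, as an added example that is not part of the original thread or Piwik's own code: it reports which SAPI and php.ini serve the request and tests the extension and the patch separately, using defined() instead of get_defined_constants(false), which the fix commit describes as broken prior to PHP 5.2.11. The function name suhosin_status is hypothetical.

```php
<?php
// Added diagnostic, not Piwik's SecurityInfo code. Request it through the web
// server so it reports the PHP build that actually serves the application,
// which may differ from the binary found on the shell's PATH.

function suhosin_status()
{
    // defined() asks the engine directly, so the result does not depend on
    // how get_defined_constants() treats its argument on older PHP versions.
    $patch = defined('SUHOSIN_PATCH');

    // List every constant whose name starts with SUHOSIN without assuming any
    // name beyond SUHOSIN_PATCH. The no-argument call returns a flat array.
    $found = array();
    foreach (get_defined_constants() as $name => $value) {
        if (strpos($name, 'SUHOSIN') === 0) {
            $found[$name] = $value;
        }
    }

    return array(
        'php_version'       => PHP_VERSION,
        'sapi'              => php_sapi_name(),        // e.g. cgi-fcgi or cli
        'ini_file'          => php_ini_loaded_file(),  // false if none loaded
        'extension_loaded'  => extension_loaded('suhosin'),
        'patch_applied'     => $patch,
        'suhosin_constants' => $found,
    );
}

if (php_sapi_name() !== 'cli') {
    header('Content-Type: text/plain');
}

foreach (suhosin_status() as $key => $value) {
    $shown = is_array($value) ? json_encode($value) : var_export($value, true);
    echo str_pad($key, 18), ': ', $shown, "\n";
}
```

Comparing the sapi and ini_file lines from a web request with the same script run on the command line shows whether the two use different PHP builds. Remove the file once the check is done, since it discloses build details.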