Plugin SecurityInfo shows wrong result for Suhosin Extension #1753
Comments
|
Perhaps the web server is using a different php binary? Try again with this script: |
|
$exts = get_loaded_extensions(); // $exts dont contain "suhosin" $constants = get_defined_constants(); // $constants[= 1, $constants'SUHOSIN_PATCH' = 0.9.6.2 According to this the opened bug can be closed by 50%. It seems that the extension is not loaded and therefore the notice about the extension is correct. |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm running Piwik 1.0 with FastCgi on a Debian Lenny system.
The SecurityInfo-Plugin says:
You are not running PHP with the Suhosin extension loaded. We recommend both the patch and extension for low- and high-level protections including transparent cookie encryption and remote inclusion vulnerabilities.
You are not running PHP with the Suhosin patch applied. We recommend both the patch and extension for low- and high-level protections against (for example) buffer overflows and format string vulnerabilities.
The php tells me:
/usr/bin/php5-cgi --version
PHP 5.2.6-1+lenny9 with Suhosin-Patch 0.9.6.2 (cgi-fcgi) (built: Aug 4 2010 05:59:13)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
Same message when calling phpinfo in the piwik dir.
Keywords: feedback
The text was updated successfully, but these errors were encountered: