Extension:Suhosin: Difference between revisions

Browse history interactively

← Older edit

Content deleted Content added

VisualWikitext

Revision as of 17:29, 6 March 2015 edit Reedy Bot (talk \| contribs) Bots 443 edits m clean up, replaced: {{Extension → {{TNT\|Extension (2), {{WikimediaDownload → {{TNT\|WikimediaDownload ← Older edit		Latest revision as of 23:14, 2 January 2019 edit undo Legoktm (talk \| contribs) Bureaucrats, Importers, Administrators, Translation administrators 4,405 edits better
(2 intermediate revisions by 2 users not shown)
Line 1: {{Archived extension\|1495173\|reason=If you're using the Suhosin patch for PHP, see [[Manual:Suhosin]] (see [[phab:T205684\|T205684]] for the extension archival request).}} ~~{{info\|~~ ~~'''Is php 5.4 safe without Suhosin?'''~~ ~~: ''Taken from '[http://stackoverflow.com/a/14412121/731798 Stackoverflow]'':~~ ~~Suhosin was a PHP hardening patch. It did not patch any explicit security vulnerabilities -- it merely made some vulnerabilities in PHP scripts more difficult to exploit.~~ Some of the changes which Suhosin made were eventually rolled into PHP. For instance, Suhosin's various layers of protection against null bytes in inputs were made unnecessary by PHP 5.3.4, which made null bytes in filenames always throw an error (rather than silently truncating the filename at the null byte). PHP 5.4 is generally regarded to be reasonably safe without Suhosin involved. Going forward, so long as your application supports it, you will be better off with a newer (5.4+) version of PHP, rather than an older version with the Suhosin patch.}} ~~{{TNT\|Extension\|templatemode =~~ ~~\|name = Suhosin~~ ~~\|status = stable~~ ~~\|type1 =~~ ~~\|username =~~ ~~\|author = Thomas Gries~~ ~~\|description = Dynamically sets [[Manual:$wgResourceLoaderMaxQueryLength\|$wgResourceLoaderMaxQueryLength]] at run time~~ ~~\|image =~~ ~~\|version = 1.00~~ ~~\|update = 2012-02-17~~ ~~\|mediawiki = 1.19+~~ ~~\|license = GPL, MIT~~ ~~\|download = {{TNT\|WikimediaDownload}}~~ ~~\|readme =~~ ~~\|changelog =~~ ~~\|rights =~~ ~~\|bugzilla = Suhosin~~ }} The extension adapts the MediaWiki setting for the ResourceLoader to Suhosin extension setting in php.ini . Details can be found in the [https://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/Suhosin/ program source] code and [[Manual:Suhosin (Hardened-PHP Project patch and extension)]]. '''Suhosin''' is a ''patch'' for the PHP code and, differently, an ''extension'' which hardens the PHP and aims to protect servers and users from known and unknown flaws in PHP. The Suhosin Hardened-PHP Project homepage is http://www.hardened-php.net/suhosin/ <ref>The Suhosin author can be contacted through the [https://github.com/stefanesser/suhosin Suhosin Git repository]</ref> . The most common use is the dynamic linking of the Suhosin <u>''extension''</u> suhosin.so into PHP. Using the ''extension'', you can for example in case of problems easily deactive the Suhosin extension in PHP by out-commenting the linking line in php.ini (shown below). ~~==Installation==~~ ~~{{WikimediaGitCheckout}}~~ ~~{{TNT\|ExtensionInstall}}~~ ~~==See also==~~ ~~<references />~~ * [[Manual:Suhosin (Hardened-PHP Project patch and extension)]]