Failure of a large form (by Drupal module Bubbletimer) to submit, Suhosin post max variables error in Apache log

I originally posted the problem to the Bubbletimer module issue queue, Unable to save (pressing Save button has no effect).

The error can be seen on the server by looking at the Apache error log:

sudo tail -f /var/log/apache2/error.log

Try to submit the 20 activity form, and nothing happens on the Drupal /bubbletimer page, but this error shows up in the log:

[Mon Sep 06 11:36:18 2010] [error] [client 209.6.110.26] ALERT - configured POST variable limit exceeded - dropped variable 'slot[8][1283760000]' (attacker '209.6.110.26', file '/var/local/drupal/oa/web/index.php'), referer: https://oa.agariclabs.org/bubbletimer/nojs

I can edit what looks like the right setting here:

sudo vi /etc/php5/conf.d/suhosin.ini

Changes show up immediately in php -i. But even after a restart of Apache, sudo apache2ctl restart or sudo apache2ctl graceful, the same error occurs, even at values orders of magnitude higher than the default.

Strangely, sudo vi /etc/php5/apache2/php.ini shows no mention of suhosin, and I thought it had to. See this helpful post on a similar (max value length) error.

Maybe Suhosin is being included some other way? And the settings aren't in suhosin.ini? They are not being overridden in the site's .htaccess.

Searched words: 
suhosin bubble timer maximum vars errorlog
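
An added example, not part of the original post: a small parser for Suhosin "variable limit exceeded" alerts in the Apache error log, grouping dropped variables by limit type, script and top-level form field so you can see which form is overflowing which limit. The sample lines are constructed in the format of the alert quoted above, with documentation IP addresses and a placeholder path.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the alert quoted in the post
# (documentation IP addresses and a placeholder path, not real data).
SAMPLE_LOG = """\
[Mon Sep 06 11:36:18 2010] [error] [client 192.0.2.10] ALERT - configured POST variable limit exceeded - dropped variable 'slot[8][1283760000]' (attacker '192.0.2.10', file '/var/www/example/index.php'), referer: https://example.org/bubbletimer/nojs
[Mon Sep 06 11:36:18 2010] [error] [client 192.0.2.10] ALERT - configured POST variable limit exceeded - dropped variable 'slot[8][1283760900]' (attacker '192.0.2.10', file '/var/www/example/index.php'), referer: https://example.org/bubbletimer/nojs
[Mon Sep 06 11:36:18 2010] [error] [client 192.0.2.10] ALERT - configured POST variable limit exceeded - dropped variable 'form_id' (attacker '192.0.2.10', file '/var/www/example/index.php'), referer: https://example.org/bubbletimer/nojs
[Mon Sep 06 11:40:02 2010] [error] [client 192.0.2.10] File does not exist: /var/www/example/favicon.ico
"""

# Matches the alert body; 'kind' is the limit named in the message (e.g. POST).
ALERT_RE = re.compile(
    r"\[client (?P<client>[^\]]+)\] ALERT - configured (?P<kind>\w+) variable "
    r"limit exceeded - dropped variable '(?P<var>[^']*)' "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'\)"
)

def parse_alerts(text):
    """Return one dict per Suhosin variable-limit alert; other lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def summarize(alerts):
    """Count dropped variables per (limit kind, script, top-level field name)."""
    counts = Counter()
    for a in alerts:
        field = a["var"].split("[", 1)[0]  # 'slot[8][1283760000]' -> 'slot'
        counts[(a["kind"], a["file"], field)] += 1
    return counts

if __name__ == "__main__":
    for (kind, path, field), n in summarize(parse_alerts(SAMPLE_LOG)).most_common():
        print(f"{n:4d} dropped  limit={kind}  field={field}  script={path}")
```

To run it against a real log, pass the file's contents to parse_alerts() in place of SAMPLE_LOG.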

Comments

It's worth noting that by default, suhosin logs its alerts to syslog (on Debian anyway).

Suhosin.ini (again, in Debian) lives in /etc/php5/conf.d which is what causes it to be loaded.

I've found tutorials on rebuilding PHP without Suhosin, but I've found it easier to just configure it to be a little looser with some of the values.

http://www.dynamiteheads.com/blog/jakub-suchy/drupal-security-using-suhosin-secure-php-installations Found this article which provides a Drupal-friendly suhosin.ini file. Very helpful.
