Failure of a large form (by Drupal module Bubbletimer) to submit, Suhosin post max variables error in Apache log
I originally posted the problem to the Bubbletimer module issue queue, Unable to save (pressing Save button has no effect).
The error can be seen be seen on the server by looking at the Apache error log:
sudo tail -f /var/log/apache2/error.log
Try to submit the 20 activity form, and nothing happens on the Drupal /bubbletimer page, but this error shows up in the log:
[Mon Sep 06 11:36:18 2010] [error] [client 209.6.110.26] ALERT - configured POST variable limit exceeded - dropped variable 'slot[8][1283760000]' (attacker '209.6.110.26', file '/var/local/drupal/oa/web/index.php'), referer: https://oa.agariclabs.org/bubbletimer/nojs
Can edit what looks like the right setting here:
sudo vi /etc/php5/conf.d/suhosin.ini
Changes show up immediately in php -i. But even after a restart of Apache, sudo apache2ctl restart or sudo apache2ctl graceful, the same error occurs, even at values orders of magnitude higher than the default.
Strangely, sudo vi /etc/php5/apache2/php.ini shows no mention of suhosin, and i thought it had to. See this helpful post on a similar (max value length) error.
Maybe Suhosin is being included some other way? And the settings aren't in suhosin.ini? They are not being overridden in the site's .htaccess.
Comments
It's worth noting that by
It's worth noting that by default, suhosin logs its alerts to syslog (on Debian anyway).
Suhosin.ini (again, in debian) lives in /etc/php5/conf.d which is what causes it to be loaded.
I've found tutorials on rebuilding PHP without Suhosin, but I've found it easier to just configure it to be a little looser with some of the values.
http://www.dynamiteheads.com/blog/jakub-suchy/drupal-security-using-suhosin-secure-php-installations Found this article which provides a Drupal-friendly suhosin.ini file. Very helpful.
Post new comment