[TASK] Extend install tool suhosin checks 37/31637/3
authorOliver Hader <oliver@typo3.org>
Wed, 16 Jul 2014 10:13:35 +0000 (12:13 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 13 Aug 2014 18:42:16 +0000 (20:42 +0200)
Extend install tool suhosin checks by
* suhosin.get.max_name_length=200
* suhosin.post.max_name_length=200
* suhosin.request.max_varname_length=200

Resolves: #60356
Releases: 6.2, 6.3
Change-Id: I382e44832918799df58a912e95cd4b0c3f0b81a3
Reviewed-on: http://review.typo3.org/31637
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/install/Classes/SystemEnvironment/Check.php

index 6e77d95..f9f9636 100644 (file)
@@ -92,7 +92,10 @@ class Check {
                $statusArray[] = $this->checkOpenSslInstalled();
                $statusArray[] = $this->checkSuhosinLoaded();
                $statusArray[] = $this->checkSuhosinRequestMaxVars();
+               $statusArray[] = $this->checkSuhosinRequestMaxVarnameLength();
+               $statusArray[] = $this->checkSuhosinPostMaxNameLength();
                $statusArray[] = $this->checkSuhosinPostMaxVars();
+               $statusArray[] = $this->checkSuhosinGetMaxNameLength();
                $statusArray[] = $this->checkSuhosinGetMaxValueLength();
                $statusArray[] = $this->checkSuhosinExecutorIncludeWhitelistContainsPhar();
                $statusArray[] = $this->checkSuhosinExecutorIncludeWhitelistContainsVfs();
@@ -617,6 +620,76 @@ class Check {
        }
 
        /**
+        * Check suhosin.request.max_varname_length
+        *
+        * @return Status\StatusInterface
+        */
+       protected function checkSuhosinRequestMaxVarnameLength() {
+               $recommendedRequestMaxVarnameLength = 200;
+               if ($this->isSuhosinLoaded()) {
+                       $currentRequestMaxVarnameLength = ini_get('suhosin.request.max_varname_length');
+                       if ($currentRequestMaxVarnameLength < $recommendedRequestMaxVarnameLength) {
+                               $status = new Status\ErrorStatus();
+                               $status->setTitle('PHP suhosin.request.max_varname_length too low');
+                               $status->setMessage(
+                                       'suhosin.request.max_varname_length=' . $currentRequestMaxVarnameLength . LF .
+                                       'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+                                       ' (as the install tool does). It is highly recommended to raise this' .
+                                       ' to at least ' . $recommendedRequestMaxVarnameLength . ':' . LF .
+                                       'suhosin.request.max_varname_length=' . $recommendedRequestMaxVarnameLength
+                               );
+                       } else {
+                               $status = new Status\OkStatus();
+                               $status->setTitle('PHP suhosin.request.max_varname_length ok');
+                       }
+               } else {
+                       $status = new Status\InfoStatus();
+                       $status->setTitle('Suhosin not loaded');
+                       $status->setMessage(
+                               'If enabling suhosin, suhosin.request.max_varname_length' .
+                               ' should be set to at least ' . $recommendedRequestMaxVarnameLength . ':' . LF .
+                               'suhosin.request.max_varname_length=' . $recommendedRequestMaxVarnameLength
+                       );
+               }
+               return $status;
+       }
+
+       /**
+        * Check suhosin.post.max_name_length
+        *
+        * @return Status\StatusInterface
+        */
+       protected function checkSuhosinPostMaxNameLength() {
+               $recommendedPostMaxNameLength = 200;
+               if ($this->isSuhosinLoaded()) {
+                       $currentPostMaxNameLength = ini_get('suhosin.post.max_name_length');
+                       if ($currentPostMaxNameLength < $recommendedPostMaxNameLength) {
+                               $status = new Status\ErrorStatus();
+                               $status->setTitle('PHP suhosin.post.max_name_length too low');
+                               $status->setMessage(
+                                       'suhosin.post.max_name_length=' . $currentPostMaxNameLength . LF .
+                                       'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+                                       ' (as the install tool does). It is highly recommended to raise this' .
+                                       ' to at least ' . $recommendedPostMaxNameLength . ':' . LF .
+                                       'suhosin.post.max_name_length=' . $recommendedPostMaxNameLength
+                               );
+                       } else {
+                               $status = new Status\OkStatus();
+                               $status->setTitle('PHP suhosin.post.max_name_length ok');
+                       }
+               } else {
+                       $status = new Status\InfoStatus();
+                       $status->setTitle('Suhosin not loaded');
+                       $status->setMessage(
+                               'If enabling suhosin, suhosin.post.max_name_length' .
+                               ' should be set to at least ' . $recommendedPostMaxNameLength . ':' . LF .
+                               'suhosin.post.max_name_length=' . $recommendedPostMaxNameLength
+                       );
+               }
+               return $status;
+       }
+
+       /**
         * Check suhosin.post.max_vars
         *
         * @return Status\StatusInterface
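Review bot: The comparison `$currentRequestMaxVarnameLength < $recommendedRequestMaxVarnameLength` in checkSuhosinRequestMaxVarnameLength works on the raw return value of ini_get(), and the same pattern appears in checkSuhosinPostMaxNameLength here and in checkSuhosinGetMaxNameLength in the next hunk. ini_get() returns FALSE when the directive is not registered, which compares as lower than 200 and yields an ErrorStatus whose message shows an empty value. As far as I recall, Suhosin treats 0 as "no limit" for these length settings; if so, an unlimited configuration is reported as "too low", which should be confirmed against the Suhosin documentation. I would handle a FALSE return separately and guard the comparison, e.g. `$current = (int)ini_get('suhosin.request.max_varname_length');` followed by `if ($current > 0 && $current < $recommended) {`. The message text about "forms with lots of data" describes a variable-count limit; for these checks it is long (deeply nested) field names that get dropped.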
@@ -687,6 +760,41 @@ class Check {
        }
 
        /**
+        * Check suhosin.get.max_name_length
+        *
+        * @return Status\StatusInterface
+        */
+       protected function checkSuhosinGetMaxNameLength() {
+               $recommendedGetMaxNameLength = 200;
+               if ($this->isSuhosinLoaded()) {
+                       $currentGetMaxNameLength = ini_get('suhosin.get.max_name_length');
+                       if ($currentGetMaxNameLength < $recommendedGetMaxNameLength) {
+                               $status = new Status\ErrorStatus();
+                               $status->setTitle('PHP suhosin.get.max_name_length too low');
+                               $status->setMessage(
+                                       'suhosin.get.max_name_length=' . $currentGetMaxNameLength . LF .
+                                       'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+                                       ' (as the install tool does). It is highly recommended to raise this' .
+                                       ' to at least ' . $recommendedGetMaxNameLength . ':' . LF .
+                                       'suhosin.get.max_name_length=' . $recommendedGetMaxNameLength
+                               );
+                       } else {
+                               $status = new Status\OkStatus();
+                               $status->setTitle('PHP suhosin.get.max_name_length ok');
+                       }
+               } else {
+                       $status = new Status\InfoStatus();
+                       $status->setTitle('Suhosin not loaded');
+                       $status->setMessage(
+                               'If enabling suhosin, suhosin.get.max_name_length' .
+                               ' should be set to at least ' . $recommendedGetMaxNameLength . ':' . LF .
+                               'suhosin.get.max_name_length=' . $recommendedGetMaxNameLength
+                       );
+               }
+               return $status;
+       }
+
+       /**
         * Check suhosin.executor.include.whitelist contains phar
         *
         * @return Status\StatusInterface
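Review bot: checkSuhosinGetMaxNameLength is the third copy in this commit of the same 30-line body, differing only in the ini key; the threshold is 200 in all three. Any later correction to the comparison or the message text then has to be made three times and can drift between copies. A single protected helper taking the ini key and the recommended minimum would leave each check as a one-line call. The helper name below is only a proposal.

```php
protected function checkSuhosinGetMaxNameLength() {
	return $this->checkSuhosinMinimumSetting('suhosin.get.max_name_length', 200);
}

/**
 * Shared body for suhosin settings that must be at least a given value
 *
 * @param string $setting Name of the ini directive
 * @param integer $recommended Recommended minimum value
 * @return Status\StatusInterface
 */
protected function checkSuhosinMinimumSetting($setting, $recommended) {
	if (!$this->isSuhosinLoaded()) {
		$status = new Status\InfoStatus();
		$status->setTitle('Suhosin not loaded');
		$status->setMessage(
			'If enabling suhosin, ' . $setting . ' should be set to at least ' . $recommended . ':' . LF .
			$setting . '=' . $recommended
		);
		return $status;
	}
	$current = ini_get($setting);
	// … unchanged: ErrorStatus / OkStatus branches, with $setting, $current and $recommended substituted …
	return $status;
}
```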