From c9a187ad252c0fe6868c670c4dc5cae5801e6d26 Mon Sep 17 00:00:00 2001 From: Oliver Hader Date: Wed, 16 Jul 2014 12:13:35 +0200 Subject: [PATCH] [TASK] Extend install tool suhosin checks Extend install tool suhosin checks by * suhosin.get.max_name_length=200 * suhosin.post.max_name_length=200 * suhosin.request.max_varname_length=200 Resolves: #60356 Releases: 6.2, 6.3 Change-Id: I382e44832918799df58a912e95cd4b0c3f0b81a3 Reviewed-on: http://review.typo3.org/31637 Reviewed-by: Wouter Wolters Tested-by: Wouter Wolters Reviewed-by: Christian Kuhn Tested-by: Christian Kuhn
---
 .../Classes/SystemEnvironment/Check.php | 108 ++++++++++++++++++
 1 file changed, 108 insertions(+)
diff --git a/typo3/sysext/install/Classes/SystemEnvironment/Check.php b/typo3/sysext/install/Classes/SystemEnvironment/Check.php
index 6e77d959a5d9..f9f963638526 100644
--- a/typo3/sysext/install/Classes/SystemEnvironment/Check.php
+++ b/typo3/sysext/install/Classes/SystemEnvironment/Check.php
@@ -92,7 +95,10 @@ class Check {
 $statusArray[] = $this->checkOpenSslInstalled();
 $statusArray[] = $this->checkSuhosinLoaded();
 $statusArray[] = $this->checkSuhosinRequestMaxVars();
+ $statusArray[] = $this->checkSuhosinRequestMaxVarnameLength();
+ $statusArray[] = $this->checkSuhosinPostMaxNameLength();
 $statusArray[] = $this->checkSuhosinPostMaxVars();
+ $statusArray[] = $this->checkSuhosinGetMaxNameLength();
 $statusArray[] = $this->checkSuhosinGetMaxValueLength();
 $statusArray[] = $this->checkSuhosinExecutorIncludeWhitelistContainsPhar();
 $statusArray[] = $this->checkSuhosinExecutorIncludeWhitelistContainsVfs();
@@ -616,6 +619,76 @@ class Check {
 return $status;
 }
+ /**
+ * Check suhosin.request.max_varname_length
+ *
+ * @return Status\StatusInterface
+ */
+ protected function checkSuhosinRequestMaxVarnameLength() {
+ $recommendedRequestMaxVarnameLength = 200;
+ if ($this->isSuhosinLoaded()) {
+ $currentRequestMaxVarnameLength = ini_get('suhosin.request.max_varname_length');
+ if ($currentRequestMaxVarnameLength < $recommendedRequestMaxVarnameLength) {
+ $status = new Status\ErrorStatus();
+ $status->setTitle('PHP suhosin.request.max_varname_length too low');
+ $status->setMessage(
+ 'suhosin.request.max_varname_length=' . $currentRequestMaxVarnameLength . LF .
+ 'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+ ' (as the install tool does). It is highly recommended to raise this' .
+ ' to at least ' . $recommendedRequestMaxVarnameLength . ':' . LF .
+ 'suhosin.request.max_varname_length=' . $recommendedRequestMaxVarnameLength
+ );
+ } else {
+ $status = new Status\OkStatus();
+ $status->setTitle('PHP suhosin.request.max_varname_length ok');
+ }
+ } else {
+ $status = new Status\InfoStatus();
+ $status->setTitle('Suhosin not loaded');
+ $status->setMessage(
+ 'If enabling suhosin, suhosin.request.max_varname_length' .
+ ' should be set to at least ' . $recommendedRequestMaxVarnameLength . ':' . LF .
+ 'suhosin.request.max_varname_length=' . $recommendedRequestMaxVarnameLength
+ );
+ }
+ return $status;
+ }
+ /**
+ * Check suhosin.post.max_name_length
+ *
+ * @return Status\StatusInterface
+ */
+ protected function checkSuhosinPostMaxNameLength() {
+ $recommendedPostMaxNameLength = 200;
+ if ($this->isSuhosinLoaded()) {
+ $currentPostMaxNameLength = ini_get('suhosin.post.max_name_length');
+ if ($currentPostMaxNameLength < $recommendedPostMaxNameLength) {
+ $status = new Status\ErrorStatus();
+ $status->setTitle('PHP suhosin.post.max_name_length too low');
+ $status->setMessage(
+ 'suhosin.post.max_name_length=' . $currentPostMaxNameLength . LF .
+ 'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+ ' (as the install tool does). It is highly recommended to raise this' .
+ ' to at least ' . $recommendedPostMaxNameLength . ':' . LF .
+ 'suhosin.post.max_name_length=' . $recommendedPostMaxNameLength
+ );
+ } else {
+ $status = new Status\OkStatus();
+ $status->setTitle('PHP suhosin.post.max_name_length ok');
+ }
+ } else {
+ $status = new Status\InfoStatus();
+ $status->setTitle('Suhosin not loaded');
+ $status->setMessage(
+ 'If enabling suhosin, suhosin.post.max_name_length' .
+ ' should be set to at least ' . $recommendedPostMaxNameLength . ':' . LF .
+ 'suhosin.post.max_name_length=' . $recommendedPostMaxNameLength
+ );
+ }
+ return $status;
+ }
+
 /**
 * Check suhosin.post.max_vars
 *
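Review bot: The comparison `$currentRequestMaxVarnameLength < $recommendedRequestMaxVarnameLength` in checkSuhosinRequestMaxVarnameLength() runs on the raw return of ini_get(), which is a string, or false when the directive is not registered, so an unset value is compared loosely and reported as `suhosin.request.max_varname_length=` with nothing after the equals sign. Casting once, `$currentRequestMaxVarnameLength = (int)ini_get('suhosin.request.max_varname_length');`, makes both the comparison and the message explicit. If Suhosin treats 0 as "limit disabled" for these directives (I believe it does; please confirm against the Suhosin documentation), a value of 0 is flagged as too low although no variable name would be dropped, and that case deserves its own branch rather than an ErrorStatus. The same applies to checkSuhosinPostMaxNameLength() in this hunk and to checkSuhosinGetMaxNameLength() in the next one.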
@@ -686,6 +759,41 @@ class Check {
 return $status;
 }
+ /**
+ * Check suhosin.get.max_name_length
+ *
+ * @return Status\StatusInterface
+ */
+ protected function checkSuhosinGetMaxNameLength() {
+ $recommendedGetMaxNameLength = 200;
+ if ($this->isSuhosinLoaded()) {
+ $currentGetMaxNameLength = ini_get('suhosin.get.max_name_length');
+ if ($currentGetMaxNameLength < $recommendedGetMaxNameLength) {
+ $status = new Status\ErrorStatus();
+ $status->setTitle('PHP suhosin.get.max_name_length too low');
+ $status->setMessage(
+ 'suhosin.get.max_name_length=' . $currentGetMaxNameLength . LF .
+ 'This setting can lead to lost information if submitting forms with lots of data in TYPO3 CMS' .
+ ' (as the install tool does). It is highly recommended to raise this' .
+ ' to at least ' . $recommendedGetMaxNameLength . ':' . LF .
+ 'suhosin.get.max_name_length=' . $recommendedGetMaxNameLength
+ );
+ } else {
+ $status = new Status\OkStatus();
+ $status->setTitle('PHP suhosin.get.max_name_length ok');
+ }
+ } else {
+ $status = new Status\InfoStatus();
+ $status->setTitle('Suhosin not loaded');
+ $status->setMessage(
+ 'If enabling suhosin, suhosin.get.max_name_length' .
+ ' should be set to at least ' . $recommendedGetMaxNameLength . ':' . LF .
+ 'suhosin.get.max_name_length=' . $recommendedGetMaxNameLength
+ );
+ }
+ return $status;
+ }
+
 /**
 * Check suhosin.executor.include.whitelist contains phar
 *
-- 2.20.1
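Review bot: The error text in checkSuhosinGetMaxNameLength() gives the wrong cause: "submitting forms with lots of data" describes a variable-count limit, while this directive bounds the length of a single GET parameter name. A sentence such as `'Suhosin drops GET parameters whose full name, including array indices, is longer than this limit.'` would tell the administrator what actually goes missing; the two methods added in the previous hunk carry the same copied sentence. As far as I know suhosin.request.max_varname_length also acts as an upper bound for the per-source get/post limits, so the message could say that raising only suhosin.get.max_name_length may have no effect; please confirm before wording it as fact. The docblock would also benefit from stating the recommended minimum of 200 and which status class is returned in each branch.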