Dear developers, yesterday I have activated the
Suhosin-Extension http://www.hardened-php.net/suhosin/how_to_install_or_upgrade.html#installing_the_extension with the following settings. ### [suhosin] suhosin.simulation = on /* gal/php.ini */ suhosin.session.encrypt = Off suhosin.log.syslog = 0 /* S_ALL */ suhosin.log.sapi = 511 suhosin.log.file = 511 suhosin.log.file.name = /home/phpapps/installed/logs/php-suhosin.log suhosin.log.use-x-forwarded-for = on suhosin.executor.include.max_traversal = 2 suhosin.executor.disable_eval = on suhosin.executor.disable_emodifier = on suhosin.memory_limit = 1 ### I get a lot of following messages in the php-suhosin.log ### Oct 16 16:07:53 [30611] ALERT-SIMULATION - use of eval is forbidden by configuration (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/rcube_template.php', line 782) Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strpos() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 540) Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: strtr() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 554) Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: preg_replace() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 557) Oct 16 16:07:53 [30611] ALERT-SIMULATION - function outside of eval whitelist called: nl2br() (attacker '85.127.115.56', file '/home/phpapps/installed/rc06rc/program/include/main.inc', line 559) ### Do you know this issue with suhosin? Do you plan to move to another template engine or do you stay on your own? BR Aleks _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
