Bug #16945
closedHardened-PHP / Suhosin / suhosin.executor.max_depth / ALERT - maximum execution depth reached
0%
Description
Stupid Hardened-PHP / Suhosin blocks generation of frontend output.
My hoster silently activated Hardened-PHP and TYPO3 failed perfectly - just a "page is being generated" message in the frontend and a nonspecial warning in the error.log (see additional information).
The problem was the ini declaration "suhosin.executor.max_depth" (see: http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.max_depth) which was set to 50.
This blocks the character set conversion in tslib_cs (so it is a core problem).
Maybe it would be good to add a section to the install tool, which checks for the setting of this variable and puts out a warning if activated.
By the way: solution is (at least if the hoster allows this) to set:
php_value suhosin.executor.max_depth 0
php_flag suhosin.simulation On
in a .htaccess file
- The first one deactivates the maximum execution depth (at least needed).
- The second one sets Suhosin to simulation mode (not needed, but who knows what Suhosin might block in future...)
[Tue Feb 06 14:21:21 2007] [error] [client 87.180.251.52] ALERT - maximum execution depth reached - script terminated (attacker '87.180.251.52', file '/www/__typo3/index.php')
[Tue Feb 06 14:21:21 2007] [error] [client 87.180.251.52] ALERT - maximum execution depth reached - script terminated (attacker '87.180.251.52', file '/www/__typo3/index.php')
(issue imported from #M4930)