Bug #60925
closed
Install / Environment Check / Check suhosin.executor.include.whitelist might fail due to wrong delimiter
100%
Description
I always got a warning in the install tool that my suhosin.executor.include.whitelist does not contain phar (and vfs). PHP info tells me, that my config reads as " https://,http://,phar://,vfs:// ".
Looking at the config docs of Suhosin [[http://www.suhosin.org/stories/configuration.html#suhosin-executor-include-whitelist]] this seems to be right, especially that there are commas and something after phar ("://").
The check in typo3/sysext/install/Classes/SystemEnvironment/Check.php in line 696 tries to explode the string using the delimiter ' ' which will fail in cases of comma separated strings. Furthermore, using !in_array('phar') in the next line will also always fail if something is appended to phar in config.
I changed
$currentWhiteListArray = $this->trimExplode(' ', ini_get('suhosin.executor.include.whitelist'));
if (!in_array('phar', $currentWhiteListArray)) {
to
if (strpos(ini_get('suhosin.executor.include.whitelist','phar' ) === false)) {
to solve both problems. Of course, I had to repeat that for the vfs check.
Best.
Updated by Markus Klein over 10 years ago
Hi!
I don't know suhosin well enough, but can it be that there has been a change in the configuration syntax?
Nevertheless I agree to change this to a simple strpos. I'll push a patch.
Updated by Gerrit Code Review over 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32122
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32144
Updated by Markus Klein over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 6416048e15c4ed465a2800c34ccc95f582d7d725.
Updated by