[imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator
Michael J Rubinsky
mrubinsk at horde.org
Mon May 23 13:07:47 UTC 2011
Quoting Olivier <olivier at ablinux.com>:
> Hi,
>
> apache 2.2.16
> php 5.3.3 *with suhosin*
> horde 4.0.3
> imp 5.0.3
>
> In my syslog, I have a lot of this message:
>> suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
>> variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
>> file '.../services/ajax.php')
> And the search in dimp never respond !
>
> It is the '\0' delimiter char of MAILBOX_PREFIX defined in
> imp/lib/Search.php which is triggered by suhosin. I suggest you to
> replace '\0' by '+'. On my server it seems to be ok.
>
> Olivier
You didn't read docs/INSTALL:
2. The following PHP capabilities:
.. Important:: Certain features in IMP 5 will not work with the suhosin
**extension** (e.g. search mailboxes). You must disable the
suhosin extension to use these features. It is reported that
IMP 5 does work the suhosin **patch**.
--
mike
The Horde Project (www.horde.org)
mrubinsk at horde.org
More information about the imp
mailing list