[imp] BUG: php 5 suhosin triggers MBOX_PREFIX separator
Olivier
olivier at ablinux.com
Mon May 23 16:00:30 UTC 2011
Ok, apologize, i have read it but forgotten.
Olivier
Le 23.05.2011 15:07, Michael J Rubinsky a écrit :
>
> Quoting Olivier <olivier at ablinux.com>:
>
>> Hi,
>>
>> apache 2.2.16
>> php 5.3.3 *with suhosin*
>> horde 4.0.3
>> imp 5.0.3
>>
>> In my syslog, I have a lot of this message:
>>> suhosin[2446]: ALERT - ASCII-NUL chars not allowed within request
>>> variables - dropped variable 'view' (attacker 'XXX.XXX.XXX.XXX',
>>> file '.../services/ajax.php')
>> And the search in dimp never respond !
>>
>> It is the '\0' delimiter char of MAILBOX_PREFIX defined in
>> imp/lib/Search.php which is triggered by suhosin. I suggest you to
>> replace '\0' by '+'. On my server it seems to be ok.
>>
>> Olivier
>
> You didn't read docs/INSTALL:
>
> 2. The following PHP capabilities:
>
> .. Important:: Certain features in IMP 5 will not work with the
> suhosin
> **extension** (e.g. search mailboxes). You must
> disable the
> suhosin extension to use these features. It is
> reported that
> IMP 5 does work the suhosin **patch**.
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: olivier.vcf
Type: text/x-vcard
Size: 328 bytes
Desc: not available
URL: <http://lists.horde.org/archives/imp/attachments/20110523/40e6426b/attachment.vcf>
More information about the imp
mailing list