suhosin | SUHOSIN for PHP 5.x - The PHP security extension | Build Tool library
kandi X-RAY | suhosin Summary
kandi X-RAY | suhosin Summary
Suhosin (pronounced 'su-ho-shin') is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of suhosin
suhosin Key Features
suhosin Examples and Code Snippets
Community Discussions
Trending Discussions on suhosin
QUESTION
I am trying to setup a varnish cache where the varnish instance is hosted on one server and the backend is on a different server. They are both on aws lightsail instances. The issue I am having is when I try and go to the site, I get the Error 503 Backend fetch failed
error. Here is the varnish default.vcl:
ANSWER
Answered 2021-May-07 at 08:19I discovered the key information in the logs:
QUESTION
I've been struggling for a few days with WooCommerce / Imagick timing out during creation of a product via the API.
Whenever I push up a batch of products (even a small batch) the Imagick thumbnail generation process times out after 70 seconds:
My phpinfo() page shows max_execution_time is set to 600 seconds (which I've definitely set inside plesk) but for whatever reason the Imagick / Thumbnail process seems to ignore that timeout.
I am at a loss as to where the 70 second timeout is coming from and how to control it.
I've tried:
- Specifying recursive php.ini in .htaccess - no change
- Setting php_value in .htaccess - This is no longer supported by Apache/Plesk
- Reading the source code - I get lost very quickly trying to reverse engineer this PHP
Any advice or help would be very much appreciated at this point. Thanks!
Extra Context:
Wordpress Site Health Info
...ANSWER
Answered 2021-Mar-26 at 00:53After a great deal of pain, I have an answer.
Firstly, I had to answer the question: how can a PHP script be ignoring the time limit set in my php.ini file, and my .htaccess files?
Answer: This function allows a script to set its own behaviour and essentially ignore the .ini file https://www.php.net/manual/en/function.set-time-limit.php
Next question, where is this being called? I found this reference in the native WooCommerce Stripe Payment gateway plugin. Even though I dont use the plugin, it was automatically activated and somehow globally affecting the WooCommerce /product/batch api
class-wc-stripe-connect-api.php line 115/116
QUESTION
I've an ecommerce app that's was working fine some days ago. After I update the wordpress and woocommerce plugin, the app suddenly stopped working.
I think that's something about the plugin that I use (mstore app-mobile), but unfortunately is not possible to update this plugin.
The error happen on this updateCartQty function. My guess is that something about the function parameter.
...ANSWER
Answered 2021-Mar-12 at 21:21From the var_dump of the $_POST variable (EDIT 3) it is clear that you will have to get the cart item key and the quantity in this way:
QUESTION
We have a server deployed on amazon aws, the problem we are facing is that when ever there's a special character in the URL, it redirects to a 403 Forbidden error. It works fine on my local environment but not on live. See below
Does not work:
/checkout/cart/delete/id/243687/form_key/8182e1mPZIipGrXO/uenc/aHR0cHM6Ly93d3cuaG9iby5jb20ucGsvY2hlY2tvdXQvY2FydC8,
Works:
/checkout/cart/delete/id/243687/form_key/8182e1mPZIipGrXO/uenc/aHR0cHM6Ly93d3cuaG9iby5jb20ucGsvY2hlY2tvdXQvY2FydC8
Does not work:
/index.php/admin/catalog_product/new/attributes/OTI%253D/set/4/type/configurable/key/9f01c4b1a3f8c70002f3465b5899a54d
Works:
/index.php/admin/catalog_product/new/attributes/OTI253D/set/4/type/configurable/key/9f01c4b1a3f8c70002f3465b5899a54d
.htaccess for debugging
Given below is the htaccess code, but the thing is that this code works on my local.
...ANSWER
Answered 2021-Jan-01 at 10:14Try removing the query string 403 lines.
It could work locally if you don't have mod alias enabled as those lines will be skipped.
QUESTION
ENV: nginx + php-fpm
I have installed OC 2.1
When I use SEO URLs around website there is no problems.
example.com/news - [OK, 200]
example.com/de/news - [OK, 200]
But sometimes I don't have SEO URLs
example.com/index.php?route=information/testimonials&testimonial_id=6 - [OK, 200]
example.com/en/index.php?route=information/testimonials&testimonial_id=6 - [ERROR, 404]
NGINX:
...ANSWER
Answered 2020-Oct-30 at 17:10Here is what happened with your nginx config. When some general request (say /de/news) arrives at your server, it is processed by location / { ... } block where the try_files directive checked /var/www/example.com/de/news file presence first, then your defined index files presence in the /var/www/example.com/de/news directory, and then continues the request processing with the @opencart named location, where your request transformed to /index.php?_route_=/de/news. After that the last flag of the rewrite nginx directive forces nginx to search a new location for this transformed request, which is location ~ [^/]\.php(/|$) { ... } one. But when you got a request like /en/index.php?route=information/testimonials&testimonial_id=6, it goes directly to that location bypassing the default location / { ... } one, the regex matching locations take priority over the prefix locations. After the fastcgi_split_path_info directive you have $fastcgi_script_name variable equal to /en/index.php and the try_files $fastcgi_script_name =404; obviously gives you an HTTP 404 error.
What you can try to do? For example, you can try try_files $fastcgi_script_name /index.php?_route_=$uri&$args;. This directive would transform your /en/index.php?route=information/testimonials&testimonial_id=6 request to /index.php?_route_=/en/index.php&route=information/testimonials&testimonial_id=6. You can rewrite your URI moving this language prefix to some query variable, for example
QUESTION
I'm using Varnish + nginx on a web server and I'm trying to get the real IP of users going to my site in the access.log, I was able to get it to work but for some reason my local IP (the one Varnish is running from) gets appended to the log entry as well, here's how it looks like:
...ANSWER
Answered 2020-Oct-08 at 11:58Everything is working as expected according to your log format:
log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' '"$http_user_agent"';
Note how you're logging the value of X-Forwarded-For header, as opposed to the IP.
If you want real IP, use $remote_addr together with the directives you already tried:
QUESTION
I have a URL:
...ANSWER
Answered 2020-Sep-28 at 18:08QUESTION
I am setting up a Magento server with Nginx SSL termination and varnish nginx and varnish 5.1 are installed in dedicated host 192.168.1.251 (ubuntu) & Magento on 192.168.1.250 (ubuntu)
nginx 1.6 (192.168.1.251:443 or https://mywebsite.com/) + varnish (127.0.0.1:6081) -> magento 2.3 (192.168.1.250:8080)
problem is content like jpg,svg etc are served from 192.168.1.250 i.e my backend server directly and scripts are blocked due to CORS ref below image chrome DevTools
if I access 192.168.1.251:6081 i.e varnish host & port all the contents are coming from the backend server Chrome Devtool
nginx ssl termination config:
...ANSWER
Answered 2020-Jul-30 at 07:15The issue you're experiencing is probably related to the fact that your Magento base URL is set to 192.168.1.250:8080.
Magento will enforce that value if it notices the Host header (or the protocol scheme) doesn't match its own.
So in your case, you're sending the following host header to Magento through Varnish:
QUESTION
localhost/index.php?proof_xml=%3CAuthProof%3E%3CTime%3E2018+Mar+03+16%3A42%3A06%3C%2FTime%3E%3CVEReqProof%3E%3CMessage+id%3D%22c12Wrq0yBXr3nLA2d3u1%22%3E%3CVEReq%3E%3Cversion%3E1.0.2%3C%2Fversion%3E%3CMerchant%3E%3CacqBIN%3E518670%3C%2FacqBIN%3E%3CmerID%3E5586000012131%3C%2FmerID%3E%3C%2FMerchant%3E%3CBrowser%3E%3CdeviceCategory%3E0%3C%2FdeviceCategory%3E%3Caccept%3E%2A%2F%2A%3C%2Faccept%3E%3CuserAgent%3EMozilla%2F5.0+%28X11%3B+Linux+i686%3B+rv%3A49.0%29+Gecko%2F20100101+Firefox%2F49.0+SeaMonkey%2F2.46%3C%2FuserAgent%3E%3C%2FBrowser%3E%3C%2FVEReq%3E%3C%2FMessage%3E%3C%2FVEReqProof%3E%3CVEResProof%3E%3CMessage+id%3D%22c12Wrq0yBXr3nLA2d3u1%22%3E%3CVERes%3E%3Cversion%3E1.0.2%3C%2Fversion%3E%3CCH%3E%3Cenrolled%3EY%3C%2Fenrolled%3E%3C%2FVERes%3E%3C%2FMessage%3E%3C%2FVEResProof%3E%3C%2FAuthProof%3E
I want it to print it as it is using a GET method. There are some more attributes as well, but I need to print proof_xml only.
...ANSWER
Answered 2018-Mar-03 at 18:59If you mean you want it URL encoded, try using urlencode. See http://php.net/manual/en/function.urlencode.php for more details.
QUESTION
I executed a script with php cli : php myscript.php
In mycript.php, you can find $output = shell_exec('bash migration.sh');
When I trigger the script, I received this error : shell_exec() has been disabled for security reasons
So, I tried to solve with the following solution : php --ini
I had the following result :
...ANSWER
Answered 2020-Apr-21 at 14:44You needed to tweak your php.ini and modify disable_functions entry to no longer list that function. Mind that common issue is editing wrong config file (use phpinfo() to check that).
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install suhosin
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
