Tuesday, February 09 2010 @ 06:27 PM EST

Polls Plugin vs. Suhosin

Geeklog

We've had several reports from users who were unable to edit or delete polls. Typical symptoms were being thrown back to the list of polls, with the changes apparently not "sticking". In one case, the user was even told that he didn't have the proper permissions and was asked to log back into the site.

If you're running into this problem, check if you have the Suhosin patch for PHP installed on your server.

The problem, which only occurs with Geeklog 1.5.0 and 1.5.1, is that the new polls editor now has so many form variables that it runs over a limit set by the Suhosin patch. By default, that limit is 200 form variables, whereas the polls editor uses over 300.

Here's what you can do:

  • If you have access to the php.ini, you can raise Suhosin's limit, suhosin.post.max_vars, accordingly (see below).
  • The easier way is probably to limit the number of questions or options per question in Geeklog (in the Polls Configuration).

Rule of thumb: By default, Geeklog allows up to 10 questions and 10 options per question. Every option additionally has a field for the votes and a notes field. So that's 10*10*3 = 300 post variables right there, plus another 30 or so for the other fields (title of the poll, permissions, etc.). Reducing this to, say, 5 questions and 8 options per question gives you 5*8*3+30 = 150 post variables, which is safely below Suhosin's (default) limit. You may want to adjust this to your site's specific needs, also based on your existing polls.
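The rule of thumb above as a small diagnostic script, added here as an example (it is not part of Geeklog). It compares the estimated field count with suhosin.post.max_vars and with suhosin.request.max_vars, which Suhosin also applies to POST input; the function names are hypothetical, and the 10 x 10 defaults and the "about 30 other fields" figure are taken from the article.

```php
<?php
// Added example (not Geeklog code): estimated polls editor POST variables vs. Suhosin limits.

// Article's rule of thumb: 3 fields per option, plus about 30 other fields.
function estimate_poll_editor_vars($questions, $options, $other = 30)
{
    return $questions * $options * 3 + $other;
}

// Count the scalar leaves of a request array such as $_POST.
function count_request_vars($data)
{
    $n = 0;
    foreach ($data as $value) {
        $n += is_array($value) ? count_request_vars($value) : 1;
    }
    return $n;
}

// Return the directives (name => limit) that $needed would exceed.
// A value of false, '' or 0 is treated here as "no limit configured".
function exceeded_limits($needed, $limits)
{
    $hit = array();
    foreach ($limits as $name => $value) {
        $max = (int) $value;
        if ($max > 0 && $needed > $max) {
            $hit[$name] = $max;
        }
    }
    return $hit;
}

// Assumption: Geeklog's default of 10 questions x 10 options, per the article.
$needed = estimate_poll_editor_vars(10, 10);

// ini_get() returns false for directives of an extension that is not loaded.
$limits = array(
    'suhosin.post.max_vars'    => ini_get('suhosin.post.max_vars'),
    'suhosin.request.max_vars' => ini_get('suhosin.request.max_vars'),
);

echo "Estimated POST variables for the polls editor: $needed\n";
foreach (exceeded_limits($needed, $limits) as $name => $max) {
    echo "$name = $max is below $needed: raise it or allow fewer questions/options\n";
}
if (!empty($_POST)) {
    echo 'Variables received in this POST: ' . count_request_vars($_POST) . "\n";
}
```

Run it through the web server rather than from the command line, since the CLI may load a different php.ini.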

Polls Plugin vs. Suhosin
Authored by: LWC on Wednesday, December 17 2008 @ 11:23 AM EST
I know someone who claims to be experiencing the very same issue, but with stories and not with polls (nor with using Suhosin).
Polls Plugin vs. Suhosin
Authored by: Dirk on Wednesday, December 17 2008 @ 04:52 PM EST

Sounds more like the CSRF protection. If you wait too long (or use a pre-1.5.0 theme), it'll do that.

Polls Plugin vs. Suhosin
Authored by: railwayman on Friday, January 30 2009 @ 10:40 AM EST
Had this problem. Suse managed to resolve it by advising more or less what you suggest. There is one other problem which has eluded a proper resolution, which is in this ini line:

; disable functions via suhosin
;suhosin.executor.func.blacklist=exec,shell_exec,system,passthru,show_source,proc_open,popen,highlight_file,phpinfo,ini_set,ini_restore

Which ones should be enabled to allow GL to function? Tried using the simulation active, thought everything was alright, then when making the site live, errors throw up.

Many thanks
Polls Plugin vs. Suhosin
Authored by: Dirk on Friday, January 30 2009 @ 11:06 AM EST

Geeklog uses ini_set (mainly to set the path to PEAR, but also in the install script) and exec (to run external processes, e.g. mysqldump for the database backups and NetPBM / ImageMagick for rescaling images).