Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 15. Dec 2018, 16:51

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: suhosin session issues
PostPosted: 31. Oct 2010, 13:17 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
Hello.
Forgive me if this has been covered in the Forum, however a search for suhosin session didnt give any threads..

I had an issue where my server was stopping some of the features of the joomla uploader from working.

the problem i had was that i would get an error 500 displayed on the flash uploader.

i tried the solutions listed in the faq and had little success..

I then switched the config file to use imagemagick and this then allowed me to upload images but there was still an issue as the flash uploader would not display thumbnails..it stated "Preview not available"

the next step was to edit my local php.ini and htaccess files.

i edited the php.ini file so that suhosin was disabled by finding and editing this line

from : extension="suhosin.so"
to : ; extension="suhosin.so"

and adding this line to the htaccess file

SetEnv PHPRC "/home/username/public_html"

this sorted out my problems..

BUT....

i dont really want to disable the complete suhosin so read up on the subject a little and found a few sites such as Gallery3 that also stated issues with suhosin and flash uploads.

the suggestion was to disable suhosin.session.encrypt as listed on this page:
http://codex.gallery2.org/Gallery3:FAQ

I find that doing as instructed either seems to have no effect or gives me a full error 500 page.

can anyone suggest a possible solution to this?

I will keep this tread updated as i find out more.

Kind Regards
Carl


Top
 Profile  
 
PostPosted: 31. Oct 2010, 19:28 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10955
Have you set

suhosin.session.encrypt=off

in a custom php.ini?

- Michael


Top
 Profile  
 
PostPosted: 31. Oct 2010, 19:59 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
Hi.
Yes that has been set to off, the phpinfo file also states that it is off.

so at this time if i enable suhosin i can upload new image when using imagemagick, if i browse images that have already had thumbnails created i can see the thumbnail but the text states that theres "No preview available" and nothing happens when i click on the small thumbnail image to enlarge it.

i have thumbnails being created in the added thumbs folder and i also have sessions being added to the session_cache folder.

i have tried to look at the suhosin logs but didnt get much from that.

entries in the suhosin logs that seem to be linked to the times i try the uploader seem to read like :

Oct 31 17:57:21 server3877 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:22:64:34:a2:71:00:04:96:27:c3:2c:08:00 SRC=89.150.132.166 DST=94.76.206.142 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=32333 DF PROTO=TCP SPT=14420 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0

does this give any clues?

Kind Regards
Carl


Top
 Profile  
 
PostPosted: 31. Oct 2010, 20:14 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10955
I'm not sure why this request should be blocked. Because tfu does a request first do check if the file can be preview.
Are you really sure it works if you comletely turn off suhosin ?

- Michael


Top
 Profile  
 
PostPosted: 31. Oct 2010, 20:23 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
Hi..
Yes sure, i have this line in my php.ini

;extension="suhosin.so"

everything works, uploading, resizing, it shows a small thumbnail when an image is clicked, when that image is clicked i get a larger popup in the flash player that displays a bigger image, i can even do the full screen view.

if i change the php.ini entry to :

extension="suhosin.so"
suhosin.session.encrypt = Off
suhosin.session.cryptua=Off
suhosin.cookie.encrypt = Off

i can still upload but none of the thumbnail features work.

i have also tried disabling other settings 1 by 1 but have had no success as yet :(

Kind Regards

Carl


Top
 Profile  
 
PostPosted: 31. Oct 2010, 20:37 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10955
Du you have a url where i an check? Problem is that I do a check first if a preview can be done on the server. And this is a normal request which seems to be blocked...

- Michael


Top
 Profile  
 
PostPosted: 31. Oct 2010, 20:57 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
Hi Michael.

I am making a little ground, what i have done is to Enable suhosin in my public_html folder.

then add another php.ini (with suhosin disabled) and an .htaccess file inside the tfu folder in the administration components directory.

at this moment things seem to be working ok and i dont need to disable suhosin over the whole site

i can supply any link or information you require but would you prefer i remove the files i just added into the tfu folder?

Kind Regards

carl


Top
 Profile  
 
PostPosted: 1. Nov 2010, 01:21 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10955
I'm just wondering why only the preview does not work. I only know that this can be a problem with suhosin for the upload.

- Michael


Top
 Profile  
 
PostPosted: 1. Nov 2010, 01:46 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
:) it does seem to be a strange one , as i say by adding a new php.ini file into the ftu folder i was able to disable suhosin for that directory only and all works.

from your point of view, if you would like full access to a demo site where i have it installed just let me know, that way you can see what i am saying, its late now so i am off for the night, but let me know and i can send you access details.

from my point of view i think i am happy with the way things are now working :)

Kind Regards
Carl


Top
 Profile  
 
PostPosted: 1. Nov 2010, 10:55 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10955
I want to add your solution to a howto because I don't think I can solve this automatically.

So the solution is to put a custon php.ini in the tfu folder to disable suhosin?

- Michael


Top
 Profile  
 
PostPosted: 1. Nov 2010, 19:40 
Offline

Joined: 19. Oct 2010, 16:08
Posts: 6
Hi Michael.
yes thats correct, so...

in administrator/components/com_jfuploader/tfu
i have added 2 files:

php.ini (this contains the full global php.ini content but with extension="suhosin.so" commented out with a ;)
making the entry

;extension="suhosin.so"

the second file is a .htaccess file that contains 1 line :

SetEnv PHPRC "/home/username/public_html/administrator/components/com_jfuploader/tfu"

which is the full path to the new php.ini file.

as far as i can see so far this has fixed the issues without cancelling suhosin site wide.

Hope this helps.

Kind Regards

Carl


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
powered by phpbb | Datenschutz/ Privacy policy