Hi all,
I discussed with Platonides and the Suhosin author an automatic MediaWiki run-time adaption of $wgResourceLoaderMaxQueryLength [1-3].
Currently, Suhosin and the setting of suhosin.get.max_value_length is detected and signalled _only_ during the MW installation.
However, if the system (Suhosin) settings are changed after the MW installation, it requires knowledge about this fact and it requires to adapt the setting manually in any MediaWiki installation on this server.
I now suggest to add something to the core which can adapt the $wgResourceLoaderMaxQueryLength also during run-time but still in the limits given by a previous $wgResourceLoaderMaxQueryLength in LocalSettings.
// Design idea
//
// In LocalSettings / DefaultSettings
// example of a user value from e.g. LocalSettings
// this value may be cropped at run-time
// to suhosin.get.max_value_length (if Suhosin extension is active)
$wgResourceLoaderMaxQueryLength = 5212;

/* In MW core after LocalSettings */
// extension_loaded() is the PHP call that reports a loaded extension;
// ini_get() returns a string, so cast it before comparing
if ( extension_loaded( "suhosin" ) && ini_get( "suhosin.get.max_value_length" ) ) {
    $wgResourceLoaderMaxQueryLength = min( $wgResourceLoaderMaxQueryLength, (int)ini_get( "suhosin.get.max_value_length" ) );
}
[1] https://www.mediawiki.org/wiki/Manual:$wgResourceLoaderMaxQueryLength
[2] https://www.mediawiki.org/wiki/Manual:Suhosin
[3] https://github.com/stefanesser/suhosin/issues/4#issuecomment-3816249

On 5 February 2012 08:55, Thomas Gries mail@tgries.de wrote:
> Hi all,
> I discussed with Platonides and the Suhosin author an automatic MediaWiki run-time adaption of $wgResourceLoaderMaxQueryLength [1-3].
> Currently, Suhosin and the setting of suhosin.get.max_value_length is detected and signalled _only_ during the MW installation.
> However, if the system (Suhosin) settings are changed after the MW installation, it requires knowledge about this fact and it requires to adapt the setting manually in any MediaWiki installation on this server.
> I now suggest to add something to the core which can adapt the $wgResourceLoaderMaxQueryLength also during run-time but still in the limits given by a previous $wgResourceLoaderMaxQueryLength in LocalSettings.
>
> // Design idea
> //
> // In LocalSettings / DefaultSettings
> // example of a user value from e.g. LocalSettings
> // this value may be cropped at run-time
> // to suhosin.get.max_value_length (if Suhosin extension is active)
> $wgResourceLoaderMaxQueryLength = 5212;
>
> /* In MW core after LocalSettings */
> // extension_loaded() is the PHP call that reports a loaded extension;
> // ini_get() returns a string, so cast it before comparing
> if ( extension_loaded( "suhosin" ) && ini_get( "suhosin.get.max_value_length" ) ) {
>     $wgResourceLoaderMaxQueryLength = min( $wgResourceLoaderMaxQueryLength, (int)ini_get( "suhosin.get.max_value_length" ) );
> }
>
> [1] https://www.mediawiki.org/wiki/Manual:$wgResourceLoaderMaxQueryLength
> [2] https://www.mediawiki.org/wiki/Manual:Suhosin
> [3] https://github.com/stefanesser/suhosin/issues/4#issuecomment-3816249

It would make more sense to have an Extension:Suhosin which introduced restrictions of this kind, probably in one of the hooks just after LocalSettings. While this is valuable functionality to have for users of the suhosin patch, it's not applicable to the majority of MW installs.
--HM

On 05.02.2012 12:34, Happy Melon wrote:
> > // Design idea
> > //
> > // In LocalSettings / DefaultSettings
> > // example of a user value from e.g. LocalSettings
> > // this value may be cropped at run-time
> > // to suhosin.get.max_value_length (if Suhosin extension is active)
> > $wgResourceLoaderMaxQueryLength = 5212;
> >
> > /* In MW core after LocalSettings */
> > // extension_loaded() is the PHP call that reports a loaded extension;
> > // ini_get() returns a string, so cast it before comparing
> > if ( extension_loaded( "suhosin" ) && ini_get( "suhosin.get.max_value_length" ) ) {
> >     $wgResourceLoaderMaxQueryLength = min( $wgResourceLoaderMaxQueryLength, (int)ini_get( "suhosin.get.max_value_length" ) );
> > }
>
> It would make more sense to have an Extension:Suhosin which introduced restrictions of this kind, probably in one of the hooks just after LocalSettings. While this is valuable functionality to have for users of the suhosin patch, it's not applicable to the majority of MW installs.
> --HM

I fully understood your points and concerns - which I also had. That's why I wanted to trigger a discussion among the core team.
What do others say?
wikitech-l@lists.wikimedia.org
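
The extension-based variant suggested in the thread could look like the sketch below. It is an added example, not code from the thread, MediaWiki or Suhosin. The file name and the function efSuhosinClampQueryLength are hypothetical, and it assumes that a negative or false $wgResourceLoaderMaxQueryLength means "no limit".

```php
<?php
// Added example, not MediaWiki or Suhosin project code.
// Hypothetical file: extensions/SuhosinLimits/SuhosinLimits.php

/**
 * Return the query length ResourceLoader may use (hypothetical helper).
 *
 * @param int|bool $configured Value from LocalSettings; negative or false
 *   is assumed here to mean "no limit"
 * @param bool $suhosinLoaded Result of extension_loaded( 'suhosin' )
 * @param string|bool $iniValue Raw ini_get() result, false if the
 *   directive is not registered
 * @return int|bool
 */
function efSuhosinClampQueryLength( $configured, $suhosinLoaded, $iniValue ) {
	if ( !$suhosinLoaded || $iniValue === false ) {
		// No Suhosin, or the directive is unknown: keep the admin's value
		return $configured;
	}
	$limit = (int)$iniValue;
	if ( $limit <= 0 ) {
		// "0", "" or a non-numeric string: treated as "nothing to clamp to",
		// matching the falsy ini_get() check in the thread's snippet
		return $configured;
	}
	if ( $configured === false || $configured < 0 ) {
		// min( -1, 512 ) would return -1, so the Suhosin limit would be
		// ignored; use the Suhosin limit itself instead
		return $limit;
	}
	return min( (int)$configured, $limit );
}

// Callbacks in $wgExtensionFunctions run during setup, after
// LocalSettings.php has been read, so the admin's value is already set.
$wgExtensionFunctions[] = function () {
	global $wgResourceLoaderMaxQueryLength;
	$wgResourceLoaderMaxQueryLength = efSuhosinClampQueryLength(
		$wgResourceLoaderMaxQueryLength,
		extension_loaded( 'suhosin' ),
		ini_get( 'suhosin.get.max_value_length' )
	);
};
```

Because the clamp is evaluated on every request, a later change to suhosin.get.max_value_length in php.ini takes effect without editing LocalSettings.php.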