Notice

Random Notes‎ > ‎

Suhosin PHAR "URL not allowed"

posted Feb 25, 2010, 7:45 AM by William Shallum
Trying out pyrus with the dotdeb PHP 5.3.1 packages on Debian 5.0 (Lenny), nothing happens when executing pyrus.phar.

The line below is seen in /var/log/user.log

ALERT - Include filename ('phar:///.../pyrus.phar/PEAR2_Pyrus-2.0.0a1/php/pear2/Pyrus/ScriptFrontend/Commands.php') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '/.../pyrus.phar', line 27)

To fix, put:

suhosin.executor.include.whitelist="phar"

in /etc/php5/cli/php.ini
Comments