William Shallum

Suhosin PHAR "URL not allowed"

Posted Feb 25 2010, 15:45 by William Shallum [updated Feb 25 2010, 15:48]

Trying out pyrus with the dotdeb PHP 5.3.1 packages on Debian 5.0 (Lenny), nothing happens when executing pyrus.phar.

The line below is seen in /var/log/user.log:

ALERT - Include filename ('phar:///…/pyrus.phar/PEAR2_Pyrus-2.0.0a1/php/pear2/Pyrus/ScriptFrontend/Commands.php') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '/…/pyrus.phar', line 27)

To fix, put:

suhosin.executor.include.whitelist="phar"

in /etc/php5/cli/php.ini
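
The script below is an added example, not part of the original post. It parses Suhosin include alerts in the format shown above and separates CLI runs (attacker 'REMOTE_ADDR not set'), whose scheme is a candidate for suhosin.executor.include.whitelist, from alerts raised during a web request, which should be investigated rather than whitelisted. The function name triage and the sample log lines, hostnames, paths and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Alert format as it appears in the log line quoted in this post.
ALERT_RE = re.compile(
    r"ALERT - Include filename "
    r"\('(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://[^']*'\) "
    r"is an URL that is not allowed "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)', line \d+\)"
)

# Constructed sample input: two Suhosin alerts and one unrelated syslog line.
SAMPLE_LOG = """\
Feb 25 15:40:01 host suhosin[2101]: ALERT - Include filename ('phar:///opt/tools/pyrus.phar/php/Commands.php') is an URL that is not allowed (attacker 'REMOTE_ADDR not set', file '/opt/tools/pyrus.phar', line 27)
Feb 25 15:41:12 host suhosin[2230]: ALERT - Include filename ('http://203.0.113.9/x.txt') is an URL that is not allowed (attacker '198.51.100.7', file '/var/www/index.php', line 12)
Feb 25 15:42:00 host cron[2301]: (root) CMD (run-parts /etc/cron.hourly)
"""


def triage(log_text):
    """Split blocked-include alerts into CLI scheme counts and web-request hits."""
    cli_schemes = Counter()   # scheme -> count, seen only from command-line runs
    remote_hits = []          # (client address, scheme, including file)
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue          # not a Suhosin include alert
        scheme = m.group("scheme").lower()
        if m.group("attacker") == "REMOTE_ADDR not set":
            # No client address: PHP was run from the CLI, as with pyrus.phar.
            cli_schemes[scheme] += 1
        else:
            # A real client address means the include happened in a web request.
            remote_hits.append((m.group("attacker"), scheme, m.group("file")))
    return cli_schemes, remote_hits


if __name__ == "__main__":
    cli, remote = triage(SAMPLE_LOG)
    for scheme, count in cli.items():
        print(f"CLI: {count} blocked {scheme}:// include(s); whitelist candidate")
    for addr, scheme, path in remote:
        print(f"WEB: {addr} hit a {scheme}:// include in {path}; investigate")
```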