We've been tracking down a weird problem with adding blocks on Drupal 5.1 when running PHP 5.2: attempting to add a block to any region causes the current user to get logged out; something "eats" the session cookie, clearing it out.

After a great deal of experimentation, it appears that the culprit is the PHP Suhosin extension, which amoung other things changes the way cookies behave.

I'm adding this entry as a "tracking bug", and to make it easier for other people with this problem to find the relationship of Suhosin to the problem.

We saw this problem reproduceably on Debian 4.0/testing installs using all browsers, Drupal 5.1 and PHP 5.2.0.

Comments

john morahan’s picture

john morahan commented

We ran into this problem too, with Drupal 4.7. Suhosin limits requests to 200 variables by default, but the admin/block form can easily grow much longer than that. Increasing the values of suhosin.post.max_vars and suhosin.request.max_vars solved the problem for us.

chx’s picture

chx commented
Status: Active » Closed (won't fix)

My only comment is: before someone reports it, Drupal also does not run on PocketHPH .

DAN900’s picture

DAN900 commented

It causes a WSOD for me..

[Tue Feb 12 15:35:43 2008] [error] [client 84.87.149.195] ALERT - use of eval is forbidden by configuration (attacker '84.87.149.195', file '/var/www/vhosts/take-a-seat.nu/httpdocs/ontwikkeling/includes/common.inc', line 1352), referer: http://www.take-a-seat.nu/ontwikkeling/?q=admin/content/node
[Tue Feb 12 15:35:43 2008] [error] [client 84.87.149.195] PHP Fatal error: SUHOSIN - Use of eval is forbidden by configuration in /var/www/vhosts/take-a-seat.nu/httpdocs/ontwikkeling/includes/common.inc(1352) : eval()'d code on line 1352, referer: http://www.take-a-seat.nu/ontwikkeling/?q=admin/content/node

says the error log.
After adding a few lines php to the display-status of a block i can't get anything at all..