Gallery2 using emodifier ist not allowed by configuration

blaufotograph

Joined: 2007-07-30
Posts: 53

Posted: Sat, 2011-01-08 21:43

Hi @ All,

i moved my gallery installation to my new virtual server and got the following error message:

Quote:

Fatal error: SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration in /home/www_blaufotograph/bilder/bilder/Gallery/modules/core/classes/GalleryUtilities.class(768) : regexp code on line 768

I've read the following documentation: http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.disable_emodifier

If i set this parameter to "OFF" the Gallery2 is working fine. Is there any way to get the Gallery working with this parameter??

_____________________________________________
Thank, and regards

blaufotograph

Homepage: http://reisen.blaufotograph.de
My Gallery Version:
* Version: 3.0 with default wind theme, now updated to the latest git-version
* aditionally installation with Gallery 2.3.1

Dayo

Joined: 2005-11-04
Posts: 1642

Posted: Sun, 2011-01-09 05:20

Yes. Go through the entire G2 code and change every instance of preg_replace() with the "/e" modifier you find.

Please also file a request for a G2 security enhancement. Note that active development on G2 has stopped but there is still some activity possible.

Make sure you mark your ticket as "G2" so that it does not get lost in the G3 stuff.

If you do go through and change the code, please post a patch with your ticket.

I do notice you have both G2 and G3 so not entirely sure which one it is you are referring to here. Assuming G2 because you posted under G2.

--
dakanji.com

Dayo

Joined: 2005-11-04
Posts: 1642

Posted: Sun, 2011-01-09 16:34

OK.

Looking through the code, /gallery/lib/tools/po/trim-po.php appears to be the only place where the preg replace with the /e modifier is used in the core code.

You can change ...

function checkStringForBadUtf8($string, $path) {
    if (!isValidUtf8($string)) {
	$printableString = preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);
	fwrite(stdErr(),
	       "\nWarning: Translation contains invalid UTF-8"
	       . " \"$printableString\" in file $path\n");
    }
}

to

function checkStringForBadUtf8($string, $path) {
    if (!isValidUtf8($string)) {
	fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8 in $path\n";
    }
}

Better still would be if you can come up with a valid preg_replace_callback syntax to replace preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);

--
dakanji.com

blaufotograph

Joined: 2007-07-30
Posts: 53

Posted: Sun, 2011-01-09 20:23

Hi Dayo,

thank you for your help.

Dayo wrote:

OK.

Looking through the code, /gallery/lib/tools/po/trim-po.php appears to be the only place where the preg replace with the /e modifier is used in the core code.

You can change ...

function checkStringForBadUtf8($string, $path) {
    if (!isValidUtf8($string)) {
	$printableString = preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);
	fwrite(stdErr(),
	       "\nWarning: Translation contains invalid UTF-8"
	       . " \"$printableString\" in file $path\n");
    }
}

to

function checkStringForBadUtf8($string, $path) {
    if (!isValidUtf8($string)) {
	fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8 in $path\n";
    }
}

Do you mean, it is sufficient to change this single Point? I'am not so good in PHP Code Writing, and so i couldn't say if this is the right way.

Dayo wrote:

Better still would be if you can come up with a valid preg_replace_callback syntax to replace preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);

Are you able to help me?
Of course i'am willing to do the tests for this, but in my mind i'am not able to do this code change without a little bit of help.

Thank you very much, and sorry.

_____________________________________________
Thank, and regards

blaufotograph

Homepage: http://reisen.blaufotograph.de
My Gallery Version:
* Version: 3.0 with default wind theme, now updated to the latest git-version

Dayo

Joined: 2005-11-04
Posts: 1642

Posted: Sun, 2011-01-09 20:44

blaufotograph wrote:

Do you mean, it is sufficient to change this single Point?

Try it and see if it is.
--
dakanji.com

Dayo

Joined: 2005-11-04
Posts: 1642

Posted: Sun, 2011-01-09 20:52

Oops! I think I need to get some sleep as I didn't look at your initial error message in detail and my search was limited to "/e" only.
There are other places with the code beyond the one I gave above (galleryUtilities.class has "/mei").
So, sorry, you have to disable the parameter.

--
dakanji.com

blaufotograph

Joined: 2007-07-30
Posts: 53

Posted: Mon, 2011-01-10 07:46

Hi Dayo,

while recommended from you, i've created a Bugtracker Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=3153808&group_id=7130&atid=107130

Maybe you are able to write a message to one of the core developer to change this parameter in the files? Of course i know, this could be difficult, but i'am still not able to change this code.

Dayo wrote:

So, sorry, you have to disable the parameter.

Do you know someone, who could do the necessary changes in the code?

Thank you very much.

_____________________________________________
Thank, and regards

blaufotograph

Homepage: http://reisen.blaufotograph.de
My Gallery Version:
* Version: 3.0 with default wind theme, now updated to the latest git-version

Dayo

Joined: 2005-11-04
Posts: 1642

Posted: Mon, 2011-01-10 17:12

I don't think any of the core devs will spend time on this. It will have to be a user to user resolution.

Now, I am not that hot on regex stuff but we can try to work out a replacement for the offending bit and see if it works.

So in Gallery/modules/core/classes/GalleryUtilities.class, try changing ...

    /**
     * Unescape embedded UTF-8 entities in the given string.
     * @param string $string the input string with UTF-8 entities
     * @return string the UTF-8 string
     */
    function unicodeEntitiesToUtf8($string) {
	$string = preg_replace('/&#([xa-f\d]+);/mei',
	    "GalleryUtilities::unicodeValueToUtf8Value('\\1')", $string);
	return $string;
    }

to

    /**
     * Unescape embedded UTF-8 entities in the given string.
     * @param string $string the input string with UTF-8 entities
     * @return string the UTF-8 string
     */
    function unicodeEntitiesToUtf8($string) {
	$string = preg_replace_callback('/&#([xa-f\d]+);/mi',
	    "GalleryUtilities::unicodeValueToUtf8Value('\\1')", $string);
	return $string;
    }

Let us know if it works.

--
dakanji.com

blaufotograph

Joined: 2007-07-30
Posts: 53

Posted: Wed, 2011-01-12 08:54

Ok Dayo, thanks again for your help. I hope i could test it out in the next days.

_____________________________________________
Thank, and regards

blaufotograph

Homepage: http://reisen.blaufotograph.de
My Gallery Version:
* Version: 3.0 with default wind theme, now updated to the latest git-version
* a further in

blaufotograph Joined: 2007-07-30 Posts: 53	Posted: Sat, 2011-01-08 21:43
	Hi @ All, i moved my gallery installation to my new virtual server and got the following error message: Quote: Fatal error: SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration in /home/www_blaufotograph/bilder/bilder/Gallery/modules/core/classes/GalleryUtilities.class(768) : regexp code on line 768 I've read the following documentation: http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.disable_emodifier If i set this parameter to "OFF" the Gallery2 is working fine. Is there any way to get the Gallery working with this parameter?? _____________________________________________ Thank, and regards blaufotograph Homepage: http://reisen.blaufotograph.de My Gallery Version: * Version: 3.0 with default wind theme, now updated to the latest git-version * aditionally installation with Gallery 2.3.1
	XUser login Username: * Password: * Create new account Request new password
Dayo Joined: 2005-11-04 Posts: 1642	Posted: Sun, 2011-01-09 05:20
	Yes. Go through the entire G2 code and change every instance of preg_replace() with the "/e" modifier you find. Please also file a request for a G2 security enhancement. Note that active development on G2 has stopped but there is still some activity possible. Make sure you mark your ticket as "G2" so that it does not get lost in the G3 stuff. If you do go through and change the code, please post a patch with your ticket. I do notice you have both G2 and G3 so not entirely sure which one it is you are referring to here. Assuming G2 because you posted under G2. -- dakanji.com

Dayo Joined: 2005-11-04 Posts: 1642	Posted: Sun, 2011-01-09 16:34
	OK. Looking through the code, /gallery/lib/tools/po/trim-po.php appears to be the only place where the preg replace with the /e modifier is used in the core code. You can change ... function checkStringForBadUtf8($string, $path) { if (!isValidUtf8($string)) { $printableString = preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string); fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8" . " \"$printableString\" in file $path\n"); } } to function checkStringForBadUtf8($string, $path) { if (!isValidUtf8($string)) { fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8 in $path\n"; } } Better still would be if you can come up with a valid preg_replace_callback syntax to replace `preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);` -- dakanji.com

blaufotograph Joined: 2007-07-30 Posts: 53	Posted: Sun, 2011-01-09 20:23
	Hi Dayo, thank you for your help. Dayo wrote: OK. Looking through the code, /gallery/lib/tools/po/trim-po.php appears to be the only place where the preg replace with the /e modifier is used in the core code. You can change ... function checkStringForBadUtf8($string, $path) { if (!isValidUtf8($string)) { $printableString = preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string); fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8" . " \"$printableString\" in file $path\n"); } } to function checkStringForBadUtf8($string, $path) { if (!isValidUtf8($string)) { fwrite(stdErr(), "\nWarning: Translation contains invalid UTF-8 in $path\n"; } } Do you mean, it is sufficient to change this single Point? I'am not so good in PHP Code Writing, and so i couldn't say if this is the right way. Dayo wrote: Better still would be if you can come up with a valid preg_replace_callback syntax to replace `preg_replace('/([^\x20-\x7e])/e', '"\\\\\\x" . dechex(ord("${1}"))', $string);` Are you able to help me? Of course i'am willing to do the tests for this, but in my mind i'am not able to do this code change without a little bit of help. Thank you very much, and sorry. _____________________________________________ Thank, and regards blaufotograph Homepage: http://reisen.blaufotograph.de My Gallery Version: * Version: 3.0 with default wind theme, now updated to the latest git-version

Dayo Joined: 2005-11-04 Posts: 1642	Posted: Sun, 2011-01-09 20:44
	blaufotograph wrote: Do you mean, it is sufficient to change this single Point? Try it and see if it is. -- dakanji.com

Dayo Joined: 2005-11-04 Posts: 1642	Posted: Sun, 2011-01-09 20:52
	Oops! I think I need to get some sleep as I didn't look at your initial error message in detail and my search was limited to "/e" only. There are other places with the code beyond the one I gave above (galleryUtilities.class has "/mei"). So, sorry, you have to disable the parameter. -- dakanji.com

blaufotograph Joined: 2007-07-30 Posts: 53	Posted: Mon, 2011-01-10 07:46
	Hi Dayo, while recommended from you, i've created a Bugtracker Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=3153808&group_id=7130&atid=107130 Maybe you are able to write a message to one of the core developer to change this parameter in the files? Of course i know, this could be difficult, but i'am still not able to change this code. Dayo wrote: So, sorry, you have to disable the parameter. Do you know someone, who could do the necessary changes in the code? Thank you very much. _____________________________________________ Thank, and regards blaufotograph Homepage: http://reisen.blaufotograph.de My Gallery Version: * Version: 3.0 with default wind theme, now updated to the latest git-version

Dayo Joined: 2005-11-04 Posts: 1642	Posted: Mon, 2011-01-10 17:12
	I don't think any of the core devs will spend time on this. It will have to be a user to user resolution. Now, I am not that hot on regex stuff but we can try to work out a replacement for the offending bit and see if it works. So in Gallery/modules/core/classes/GalleryUtilities.class, try changing ... /** * Unescape embedded UTF-8 entities in the given string. * @param string $string the input string with UTF-8 entities * @return string the UTF-8 string / function unicodeEntitiesToUtf8($string) { $string = preg_replace('/&#([xa-f\d]+);/mei', "GalleryUtilities::unicodeValueToUtf8Value('\\1')", $string); return $string; } to /* * Unescape embedded UTF-8 entities in the given string. * @param string $string the input string with UTF-8 entities * @return string the UTF-8 string */ function unicodeEntitiesToUtf8($string) { $string = preg_replace_callback('/&#([xa-f\d]+);/mi', "GalleryUtilities::unicodeValueToUtf8Value('\\1')", $string); return $string; } Let us know if it works. -- dakanji.com

blaufotograph Joined: 2007-07-30 Posts: 53	Posted: Wed, 2011-01-12 08:54
	Ok Dayo, thanks again for your help. I hope i could test it out in the next days. _____________________________________________ Thank, and regards blaufotograph Homepage: http://reisen.blaufotograph.de My Gallery Version: * Version: 3.0 with default wind theme, now updated to the latest git-version * a further in

Gallery2 using emodifier ist not allowed by configuration

XUser login