suhosin

I'm struggling to read query variables that contain more than 512 characters in the $_GET array. If I parse the query string using parse_string , however, I can read it just fine from the resulting array. Example: # GET /test.php?foo=<string with 513 characters>&bar=bar HTTP/1.1 <?php var_dump($_GET['foo']); # NULL var_dump($_GET['bar']); # "bar" parse_str($_SERVER['QUERY_STRING'], $output); var_dump($output['foo']); # <string with 513 characters> ?> This makes no sense to me, since $_GET uses parse_str internally to derive the query variables from the query string. Am I missing something?

I'm currently working on developing a PHP CMF which will eventually be commercially available and I want to use traits. The problem however is that traits are a PHP 5.4 feature and apparently the popular Suhosin security patch isn't compatible with PHP 5.4. So my question is this: is it safe to run a PHP website without the Suhosin security patch? If not, what vulnerabilities would I be leaving myself and other people using my CMF open to? Note: I'm not concerned about shared hosting. It's expected that anyone using my CMF would have administrative control over their web server. Suhosin was a

I'm not familiar with Suhosin (never used it) but if possible I need to check using PHP whether it is installed. This is for part of an installer that I'm writing. Thanks. Mikhail Chernykh To detect the Suhosin Extension use extension_loaded() no matter if it is dynamically loaded or statically compiled: extension_loaded('suhosin'); To detect the Suhosin-Patch, check for the constant presence: constant("SUHOSIN_PATCH"); simply write a php file in your document root like <?php phpinfo(); ?> it will print all the information related to php installation just find for the "suhosin" block in it is