/
Suhosin and Memory Limits in PHP

Suhosin and Memory Limits in PHP

Recently we installed In-Portal on a web server with Suhosin module installed.

Briefly what it does:

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

On production server we experienced issue with Memory Limit when we have set Memory limit to 50M in beginning of the script and then trying to change that to -1 (unlimited) for image re-sizing in ImageHelper class. However it's still being set to 50M. Below is the test case from that server:

ini_set('display_errors', 1);
error_reporting(E_ALL);
echo 'suhosin.memory_limit = ' . ini_get('suhosin.memory_limit') . '<br/>';
ini_set('memory_limit', '50M');
ini_set('memory_limit', -1);
echo 'ML: memory_limit = ' . ini_get('memory_limit') . '<br/>';

In particular Suhosin module limits memory, that a PHP script can use. This way setting -1 (unlimited) would in fact set memory from suhosin.memory_limit setting of php.ini file.

I believe we should change our default 50M memory limit in /core/kernel/startup.php to be set to 128M. Additionally we have Moving "Memory Limit" to Config.php discussion where we want to have ability to custom set Memory Limit from the template.

 

What are your thoughts on this ?