SUHOSIN and eval()

vollkorn · Post by **vollkorn** » Sat Aug 04, 2007 2:42 am

Hi,

I get this error with my serendipity 1.1.3 on my webpage http://vollkorn.cryptobitch.de/

Bildergalerie
Bildergalerie

Bildergalerie (1 images)

Fatal error: SUHOSIN - Use of eval is forbidden by configuration in /home/vollkorn/public_html/bundled-libs/Smarty/libs/plugins/function.math.php(65) : eval()'d code on line 65

So, is there a solution, should I upgrade to s9y 1.2, or do you use the "evil" eval() there too? Maybe eval() can be replaced easily? Any other suggestions to get my blog running?

vollkorn · Post by **vollkorn** » Sat Aug 04, 2007 2:49 am

nb: my admin was so kind to allow eval() for me, but he'd like to see this solved in other ways and forbid eval() again, so it's just temporary.

mgroeninger · Post by **mgroeninger** » Sat Aug 04, 2007 3:07 am

Wow...

I was aware that the Smarty math functions had some performance concerns, but I didn't know they used eval....

Ok, this is actually coming from some really simple lines in the usergallery template files:

plugin_usergallery_imagedisplay.tpl:

Code: Select all

            <img class="gallery_thumb" {if $plugin_usergallery_file.dimensions_width > 480}width="480px" height="{math equation="round((480/x) * y)" x=$plugin_usergallery_file.dimensions_width  y=$plugin_usergallery_file.dimensions_height }px"{else}width="{$plugin_usergallery_file.dimensions_width}px" height="{$plugin_usergallery_file.dimensions_height}px"{/if}

plugin_usergallery.tpl:
Five lines; you can search for "math equation" to find them.

You can probably take a quick look through them and figure out which are unnecessary for your specific install. They are mostly to control image scaling and column control, I think.

The lines are all doing some really basic math stuff that I can probably push into php if I can get a little time. I'll try to do it over the next few days.

Thanks for pointing that out! I'll post when I get them updated.

mgroeninger · Post by **mgroeninger** » Sat Aug 04, 2007 5:08 am

Ok, I have updated the plugin to avoid using Smarty math functions.

This change did introduce two new settings to the plugin. One controls the tab spacing for the directory tree view, while the other controls the max. image size on the image pages. The defaults should not change.

If you use a custom usergallery template file based on the old template you will still be using the Smarty math functions, and will therefore be doing double work. It might be smart to update your template (which should be cleaner this way, anyways).

I bumped the version to 2.41, so Spartacus should pick it up next update.

vollkorn, thanks for finding this! Please let me know if you have any problems!

vollkorn · Post by **vollkorn** » Sun Aug 05, 2007 1:15 pm

Sorry, but actually I seem not to know how this update of spartacus works, because when I click "plugins verwalten", "Neue Versionen von Ereignis-Plugins" I get this messages but no new plugin, still version 2.40.

Ereignis-Plugins

Versuche URL package_event_de.xml zu öffnen...
188416 bytes von bereits bestehender Datei geladen. Speichere Inhalt als /home/vollkorn/public_html/templates_c/package_event_de.xml...

How long should it take until the update gets propagated?

mgroeninger · Post by **mgroeninger** » Sun Aug 05, 2007 5:01 pm

It should only take 24 hours at the most...

There might be a problem somewhere on the server that generates the new Spartacus files... I'll drop Garvin a note about it.

vollkorn · Post by **vollkorn** » Mon Aug 13, 2007 7:34 am

The update arrived some days ago, just to give a short notice. But I haven't tested yet if it works without eval(). Will do so when my admin answers me.