
Why doesn't suhosin.executor.disable_emodifier work?


I'm running PHP 5.6 on Ubuntu 12.04 as an Apache 2.4 module. Suhosin is installed from source.

Suhosin is enabled and I can see it in phpinfo() function output. I have these lines in the suhosin.ini:

suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On

And I can also see them enabled in phpinfo(). Both globally and locally.

But for some reason simple

eval('echo 5;');

just shows me the damn “5”!!!

So does

preg_replace("/.*/e", "eval('echo 5, PHP_EOL;')", ".");

How do I enable that suhosin?


Solution

  • You have to check both the local and the master value in your phpinfo() for the lines suhosin.executor.disable_eval and suhosin.executor.disable_emodifier in order to be sure that the configuration file is read correctly, and not only check that suhosin is activated.

    The local value of those directives should be set to 'On'.

    If the local value is Off but the master value is On, then your virtual host configuration might override this parameter. If both are Off, then your suhosin.ini is not parsed correctly.

    You also have to check that suhosin.simulation (debug mode) is set to Off.
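The following diagnostic page is an added example, not code from the answer or from the Suhosin project. It runs the checks the answer describes from inside the request, so it reports what the Apache SAPI actually sees rather than what `php -i` on the command line shows (on Ubuntu the CLI can read a different php.ini). It assumes PHP 5.x with the suhosin extension compiled in; the function names `ini_flag_on` and `suhosin_status` are this example's own. Because the script deliberately calls eval() and preg_replace() with /e, serve it only while testing and delete it afterwards.

```php
<?php
// Added diagnostic for Suhosin's executor restrictions. Serve it through the
// same SAPI you are hardening (Apache's mod_php here), not the CLI binary,
// which may load a different php.ini and a different suhosin.ini.
// ini_flag_on() and suhosin_status() are this example's own helpers, not
// Suhosin API.
header('Content-Type: text/plain');

// True for every spelling php.ini accepts for an enabled boolean directive.
function ini_flag_on($value) {
    return in_array(strtolower(trim((string) $value)),
                    array('1', 'on', 'yes', 'true'), true);
}

// Collects the local (per-request) value of each relevant directive.
// ini_get() returns false when PHP does not know the directive at all,
// which is what you get when the suhosin extension never loaded.
function suhosin_status() {
    $status = array('extension_loaded' => extension_loaded('suhosin'));
    foreach (array('suhosin.executor.disable_eval',
                   'suhosin.executor.disable_emodifier',
                   'suhosin.simulation') as $directive) {
        $status[$directive] = ini_get($directive);
    }
    return $status;
}

$status = suhosin_status();
printf("suhosin extension loaded: %s\n", $status['extension_loaded'] ? 'yes' : 'no');
foreach ($status as $name => $value) {
    if ($name === 'extension_loaded') {
        continue;
    }
    printf("%-36s local value = %s\n", $name,
           $value === false ? '(unknown directive)' : var_export($value, true));
}
if (ini_flag_on($status['suhosin.simulation'])) {
    echo "WARNING: suhosin.simulation is On; violations are only logged, never blocked\n";
}

// Behavioural check 1: the /e modifier. When the emodifier guard is enforced
// the replacement code is never evaluated, so the flag stays false. The @
// hides the E_DEPRECATED notice PHP 5.5+ emits for /e (PHP 7 removed /e
// entirely, so there the flag also stays false for an unrelated reason).
$GLOBALS['emod_ran'] = false;
@preg_replace('/.*/e', '$GLOBALS["emod_ran"] = true;', '.');
printf("preg_replace /e %s\n", $GLOBALS['emod_ran']
    ? 'EXECUTED its replacement: disable_emodifier is not effective'
    : 'did not run its replacement: disable_emodifier appears effective');

// Behavioural check 2: eval(). When disable_eval is enforced, Suhosin raises a
// fatal error at the eval() call and nothing after it prints, so a shutdown
// function reports the error instead of leaving a blank page. If eval() is
// merely skipped, the flag check below reports that instead.
$GLOBALS['eval_ran'] = false;
register_shutdown_function(function () {
    $err = error_get_last();
    if (!$GLOBALS['eval_ran'] && $err !== null && $err['type'] === E_ERROR) {
        printf("eval() blocked with fatal error: %s\n", $err['message']);
    }
});
eval('$GLOBALS["eval_ran"] = true;');
printf("eval() %s\n", $GLOBALS['eval_ran']
    ? 'EXECUTED its code: disable_eval is not effective for this request'
    : 'did not run its code: disable_eval appears effective');
```

If the directive lines print `(unknown directive)`, the extension is not loaded in this SAPI at all; if they print `'0'` or `''` while phpinfo() shows a master value of On, look for a `php_admin_value`/`php_value` override in the virtual host or a `.htaccess`/`.user.ini` file; if they print `'1'` and the behavioural checks still report EXECUTED, check whether `suhosin.simulation` is On.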