Remove references to Suhosin and its INI settings
The Suhosin extension is no longer being developed, and its developers
never made a proper release for PHP 7.[1]
The suggested replacement, Snuffleupagus, does not have a configuration
setting for limiting the length of a request value[2]. If one existed,
it would be in the extension's own config file[3], not in php.ini.
Snuffleupagus does have a session encryption feature, which is similar
to that of Suhosin.[4] Note, however, that with the introduction of the
SessionManager framework, such a feature is incompatible with more than
just RequestContext::importScopedSession(). Snuffleupagus fails to
decrypt the string returned by PHPSessionHandler, zend_bailout() is
called[5], and an empty response is sent (unless, of course,
$wgPHPSessionHandling is set to 'disable').
[1]: https://github.com/sektioneins/suhosin7
[2]: https://github.com/jvoisin/snuffleupagus/blob/v0.8.3/config/suhosin.rules#L239-L251
[3]: https://snuffleupagus.readthedocs.io/config.html
[4]: https://snuffleupagus.readthedocs.io/cookies.html#cookie-encryption
[5]: https://github.com/jvoisin/snuffleupagus/blob/v0.8.3/src/sp_session.c#L53-L56
Change-Id: I561729fe2e3b57523de78ce63870987ab91cfd37
17ba1988c0