PHP5 breaking jump link

Forum Moderators: coopster

Message Too Old, No Replies

PHP5 breaking jump link

upgrade from php4 to 5 creating errors

Alex_TJ

1:00 pm on Sep 12, 2011 (gmt 0)

Our server has PHP4 and I trying to enable PHP5 to use piwik.
When I add the line to htaccess it all seems fine, except the jump script, which no longer works.
I've pasted it below:

<?php
if(strpos($w, "http://www.example.com") !== FALSE) // must use !== not != 
{ 
$w = $_GET['w'];
} 
else 
{ 
header("HTTP/1.0 404 Not Found"); 
exit; 
} 
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
etc

The strpos for the URL is to avoid X site problems, which unfortunately I learned the hard way...
I'm not a programmer, just a trial and error guy. Can anyone please help?

penders

2:13 pm on Sep 12, 2011 (gmt 0)

I can't see anything that would break by moving from PHP4 to PHP5 with your script.

When you say "no longer works", what exactly no longer works? Any errors?

if(strpos($w, "http://www.example.com") !== FALSE)

What is $w? In the script you have posted it is not initialised to anything so you should always get a 404?!

Just a thought... you mention htaccess, are you enabling PHP5 by adding a line to htaccess? Are you using FastCGI? The manual states [uk3.php.net] that in such circumstances you should use this instead...

header("Status: 404 Not Found");

Alex_TJ

2:35 pm on Sep 12, 2011 (gmt 0)

Thanks for replying - w is the URL where the link jumps to, so for example www.example.com/go.php?w=http://www.example.com/destination
I'm including

AddType x-mapp-php5 .php

in the htaccess, though I don't know about FastCGI (it's standard 1&1 hosting if that helps). It throws a 404 (the header, not the actual custom 404 page) instead of going to the new URL. Does that clarify anything?

penders

3:19 pm on Sep 12, 2011 (gmt 0)

w is the URL where the link jumps to, so for example www.example.com/go.php?

And is this definitely being assigned at some earlier point in your script? It's just that the script you have posted does not assign anything to $w, which would result in the 404, which seems to be what's happening. The following script looks a bit back to front...

if(strpos($w, "http://www.example.com") !== FALSE) 
{  
$w = $_GET['w'];

Alex_TJ

3:33 pm on Sep 12, 2011 (gmt 0)

I copied and pasted in the the entire script in the first post.
The script works fine with PHP4 - essentially, if it doesn't contain www.example.com 404 it, otherwise we're good to go and get the URL 'w', which is assigned by the URL.
If there's a better way of doing it though, that avoids any x site problems and works in PHP5, any suggestions are welcome :)

penders

4:36 pm on Sep 12, 2011 (gmt 0)

I think the script is relying on

register_globals

being enabled. It might have been enabled by default in earlier versions of PHP 4, but in later versions it was disabled and it is certainly disabled by default in PHP 5 (security issues).

register_globals

would enable $w to be implicitly assigned the value of the w param in the URL. But the slightly confusing thing in your code is that the statement

$w = $_GET['w'];

would then be superfluous.

Anyway, re-jigging your code... try...

<?php 
$w = isset($_GET['w']) ? $_GET['w'] : null; 
if (strpos($w, "http://www.example.com") === false) 
{  
  header("HTTP/1.0 404 Not Found");  
  exit;  
}  
?>

Alex_TJ

5:10 pm on Sep 12, 2011 (gmt 0)

Thanks Penders!
That worked, and now I have to do a bit of research into isset to find out why :)
PHP5 has also thrown another error I've just noticed, with the contact form:
"Warning: preg_match() [function.preg-match]: Compilation failed: range out of order in character class at offset 32"
If I understand it correctly, I've got a dodgy character in the basic anti-spam part:


if (preg_match( "/bcc:|cc:|multipart|[url|Content-Type:/i", implode($_POST))) {
 $spam=true;
}
if (preg_match_all("/<a|http:/i", implode($_POST), $out) > 3) {
 $spam=true;
}

Is it the square bracket or the backslash that's the problem? Is PHP5 really worth it? :/

penders

6:44 pm on Sep 12, 2011 (gmt 0)

isset() just makes sure that the variable does actually exist before it is used. Otherwise (depending on the error_reporting level) this could trigger an E_NOTICE (what might look like an error message) - but it would also do this under PHP 4.

if (preg_match( "/bcc:|cc:|multipart|[url|Content-Type:/i", implode($_POST))) {

To be honest, I would be surprised if this worked under PHP4! In fact I would guess that it didn't work but the error_reporting level was set such that Warnings were simply not output?! Yes, the square bracket is the problem. Is it required? If not, simply remove it. Or, escape it with a backslash

\[

You mention a backslash, but there are only forward slashes (or just 'slashes') in the code. Forward slashes lean forward, backslashes lean backward. :)

Is PHP5 really worth it? :/

Absolutely! :) Actually, the problems that have been highlighted here are not really PHP 5 issues at all, they could have been a problem with PHP 4 in just the same way.

Alex_TJ

7:21 pm on Sep 12, 2011 (gmt 0)

OK the backslash thing shows my brain's fried...my bad. It's all good and (seems) to be up and running.
There was no error reported in PHP4 with the square bracket, so essentially PHP5 doesn't stand for any sloppiness!
Thanks penders, I owe you a beer!