I am using CakePHP 2.1.2 with PHP 5.3.5 and a plugin called 'Cakemenu' which normally works fine. The plugin stores menus in a db table with the menu link stored as text like
array('plugin'=>null,'controller'=>'assets','action'=>'index');
The helper in the plugin gets those values, then executes this code to convert that text to an array:
//Try to evaluate the link (if starts with array)
if (eregi('^array', $value['Menu']['link'])) {
$code = "\$parse = " . $value['Menu']['link'] . ";";
$result = eval($code);
if (is_array($parse)) {
$value['Menu']['link'] = $parse;
}
}
Everything works fine unless CakePHP is handling an error. For example if I mistype the name of a controller in the browser I should get a menu and then the missing controller message. Instead I get a page full "Parse error: syntax error, unexpected $end in..." messages pointing to the line with the eval statement. If I printout the variable that is getting eval'ed I see that it has been (incorrectly) encoded with Html entities when it normally does not.
Good string to be eval'ed:
$parse = array('plugin'=>null,'controller'=>'assets','action'=>'index');
Bad string to be eval'ed:
$parse = array('plugin'=>null,'controller'=>'Parts','action'=>'add');
To temporarily fix the problem I added two statements to just replace the offending characters
$value['Menu']['link'] = str_replace( ''','\'',$value['Menu']['link']);
$value['Menu']['link'] = str_replace( '>','>',$value['Menu']['link']);
and everything works great again. Some other pieces of information that might be helpful is that the array of data used to generate the menu is read during the beforeFilter of the app and saved in a view variable and then the menu is generated as an element in the view.
I'm thinking that the error causes CakePHP (or PHP) to skip some loading or configuration process and that causes the string to be mishandled. Any help would be appreciated, thanks
Your beforeFilter() method won't be executed on error pages. You'll have to handle your errors yourself and manually call beforeFilter(). I wrote a blog post on how to use custom error pages - pay close attention to the Controller Callbacks section.
Related
I'm building an SPA in AngularJS served by a Laravel (5.1) backend. Of late I've been encountering an annoying error, a server 500 or code 0 error which is abit hard to explain how it comes but let me try to may be someone will understand the dental formula of my problem.
When i start my AngularJS controller, I make several server calls (via independent $http calls from services) to retrieve information i might later need in the controller. For example,
Functions.getGrades()
.then(function(response)
{
$scope.grades = response.data;
});
Subjects.offered()
.then(function(response)
{
$scope.subjects = response.data;
});
Later on i pass these variables (grades or subjects) to a service where they are used for processing. However, these functions are randomly returning code 500 server errors after they run, and sometimes returning status code 0 after running. This happens in a random way and it is hard for me to point out the circumstances leading to their popping up. This leaves me with frequent empty Laravel-ised error screens like the ones shown below.
Anyone reading my mind?
Ok, after a suggestion given in a comment above that I check my Laravel log files (located in storage/logs/laravel.log- Laravel 5.1), i found out that the main error most of these times was this one: 'PDOException' with message 'SQLSTATE[HY000] [1044] Access denied for user ''#'localhost' to database 'forge'' in ..., plus another one that paraphrased something like No valid encrypter found. These were the key opener.
On reading another SO thread here, it said in part:
I solved, sometimes laravel not read APP_KEY in .ENV. And returns a value "SomeRandomString" (default is defined in config / app.php), and have the error "key length is invalid", so the solution is to copy the value of APP_KEY, to the value 'key 'in config / app.php, that's all! I solved!
That was exactly the issue! When loading the DB params from the .env to config/database.php, Laravel was sometimes unable to read the environment variables and went for the fallback default fallback options (forge for DB name and username and SomeRandomString for the APP_KEY). So, to solve this i just did as advised: copied the APP_KEY in .env to the config/app.php and edited the default DB parameters to the actual DB name and username/password I'm using. Just that and i was free from pollution. Hope someone finds this helpful.
One tutorial thought me, that I can fill my template with content, by putting:
$this->template->body = $this->response->body();
But, I cant see where the response is being populated. Even dumping the request and response, its just empty.
And secondly, how can I make advantage of the already built in Request class, to get some output from a function, without actually redirecting to that method ? Lets say:
$content = Request::factory('news/latest')->execute();
kind regards.
Using $this->template->body assumes that you are using Controller_Template controller. $this->template is a variable within Controller_Template representing View file application/views/template.php.
Setting something to $this->template->body passes $body variable to template view file. You can than use it (like echo $body;) within template view.
To get output from $content = Request::factory('news/latest')->execute(); your controller which handles news/latest Route must produce some output.
Than you can get this output like:
$response = Request::factory('news/latest')->execute();
$content = $response->body();
I have a problem and i have no idea what's wrong.
I have build a basic authentication system, simple one. but what i noticed is that the URL- from the side bar is different from the one that is generatet from cakephp for example:
http://localhost/sitename/users
is the url that displays on toolbar.
When i do:
echo Router::url($this->here, true );
the result is:
http://localhost/sitename/sitename/users
The site still works, but time after time generates an error such as:
http://localhost/sitename/sitename/users/
Missing Controller
Error: SitenameController could not be found.
Error: Create the class SitenameController below in file: app\Controller\SitenameController.php
<?php class SitenameController extends AppController {
}
So i dont know what is causing the problem...
If someone, anyone could help me i would very appruciate it...
Thank you very much.
Your app is in a subdirectory so you should use
Router::url(null, true);
If the $url param is null the method will find the address to the actual controller/action. Read more here.
From the book:
$this->request->here contains the full address to the current request.
The full address includes the subdirectory as well. So if you use Router::url() with the $full param set to true it "duplicates" the subdirectory.
I use html2pdf, which is based on TCPDF, in CakePhp to render Views in PDF.
However, sometimes the generation hangs, I mean the browser freezes and never receives data.
There is a way to debug such a behavior? In apache logs I do not see any kind of error...
$this->set(compact('quotation','company','user'));
$view = new View(null, false);
$view->set(compact('quotation','company','user'));
$view->viewPath = 'Quotations';
$view->layout = 'preventivo';
if ($quotation['Quotation']['quotation_type'] == SERVICE)
{
$content = $view->render('print_s_template');
$this->set(compact('content'));
$this->response->type('pdf');
$this->render('print');
the print.ctp has
App::import('Vendor', 'HTML2PDF', array('file' => 'html2pdf'.DS.'html2pdf.class.php'));
$html2pdf = new HTML2PDF('P','A4','it');
$html2pdf->WriteHTML($content);
$html2pdf->Output('exemple.pdf');
and the html is in print_s_template.ctp.
I found a solution myself. The problem is that I forgot to pass some variables to the View $view. And I suppose cake throw an error which, next, html2pdf cannot "render".
So: double check that all the variables in the view do exist!
Stack community.
I'm using the eval() function in PHP so my users can execute his own code in my website (Yes, i know it is a dangerous function, but that's not the point).
I want to store all the PHP errors that occur during the interpretation of the code, is there a way to fetch all of them? i want to get and register them in a table of my database.
The error_get_last gets only the last error, but i want all of them.
Help me, please. It is even possible?
General
You cannot use eval() for this, as the evaled code will run in the current context, meaning that the evaled code can overwrite all vars in your context. Beside from security considerations this could / would break functionality. Check this imaginal example:
$mode = 'execute'
// here comes a common code example, it will overwrite `$mode`
eval('
$mode = 'test';
if(....) { ...
');
// here comes your code again, will fail
switch ( $mode) {
...
}
Error Tracking
You cannot track the errors this way. One method would be to use set_error_handler() to register a custom error handler which stores the errors to db. This would work, but what if the user uses the function in it's code? Check the following examples:
set_error_handler('my_handler');
function my_handler($errno, $errstr, $errfile, $errline) {
db_save($errstr, ...);
}
eval('
$a = 1 / 0; // will trigger a warning
echo $b; // variable not defined
'
);
This would work. But problems will arise if have an evaled code like this:
eval('
restore_error_handler();
$a = 1 / 0; // will trigger a warning
echo $b; // variable not defined
'
);
Solution
A common solution to make it possible that others can execute code on your servers is:
store user code into temporary file
disable critical functions like fopen() ... in the php.ini
execute the temporary php file by php-cli and display output (and errors) to the user
if you separate stdin from stdout when calling the php-cli, you can parse the error messages and store them in a DB
According to the documentation, you just can't :
If there is a parse error in the evaluated code, eval() returns FALSE and execution of the following code continues normally. It is not possible to catch a parse error in eval() using set_error_handler().
EDIT: you can't do it with eval(), but you apparently can with php_check_syntax function. You have to write the code to a file in order to check its syntax.