On Wed, 8 Nov 2017 at 03:03 Mckinnell, James <[email protected]>
wrote:
> Initial report of failure to access the Wordpress site - Apache showing Error
> 500
> Apache error.log shows:
> [Wed Nov 01 10:32:53 2017] [error] [client xx.xx.xx.xx] PHP Parse error:
> syntax error, unexpected end of file in
> /usr/share/wordpress/wp-includes/ms-functions.php on line 2016
>
> Hi Jim,
The error is in the bottom of Debian patch CVE-2017-14990 produced by, I
believe the LTS team. In the patch header it mentions Marcus as the author
who I have CC'ed into this bug report.
Your analysis is correct about the braces, at the near-end of that patch
you see.
- if ( empty( $signup ) )
+ if ( ! $wp_hasher->CheckPassword( $key, $signup->activation_key ) )
{
You can see that the removed line has no brace, while the added line has
one.
I don't believe the add_action line is a mistake as its not added in by
that patch. It is a syntax error because the function is loaded in before
this file is parsed. It's one of those awfulness about PHP that makes
debugging so much fun. I use the lint command (php -l myfile.php) to check
the patches but even that is not 100% unfortunately.
Hi Marcus, are you able to fix wheezy? I assume it was the LTS team that
did this one as it doesn't appear in the Jessie patch list.
- Craig
--
Craig Small https://dropbear.xyz/ csmall at : enc.com.au
Debian GNU/Linux https://www.debian.org/ csmall at : debian.org
Mastodon: @[email protected] Twitter: @smallsees
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
