From:             [EMAIL PROTECTED]
Operating system: linux (redhat7.1)
PHP version:      4.0.6
PHP Bug Type:     Unknown/Other Function
Bug description:  hack? following is a discussion of the hack...... Is PHP the 

To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the funny problem

I use REDHAT 7.1 and whatever comes with it plus what needs to be loaded for eZPublish.

Everything works correctly on my test server: the browser (netscape 4.7+) displays the 
ad ok.  The client test machine in a win98 2nd ed with netscape and IE.  (I originally 
tested the client on the win machine so I could if IE displayed the site correctly.) 
Both browsers display the "problem" on the client machine.  So I don't think the 
problem on the client side.  It is not eZpublish.  So it has to be in the apache or 
the apache modules.  My guess is that it is in the PHP module. 

I tried one other case: I copied the print line in ezadlist and put it AFTER the ?> 
line WITHOUT the  print function name, the  (, ), and the ; .  The html was still 
commented out only on the remote browser.  I could have snooped (tcpdump on linux) the 
server output, but since I got in a  workaround, I figured I just wait until I had 
time to look into the PHP code.

Since you've been so helpfull :) I thought I'd let you know about the "joke" so you 
weren't caught unaware..

I am forwarding this mail exchange to the PHP group.  OK?


To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the funny problem

Ah now you ARE getting it.  ezad doesn't do it, the php apache module does it.

any html tag "<something ... /something>" with the /ad/ string gets commented out 
(<--! before  and !--> after) that gets sent to a remote client.

As I said if you changed the adlist to:
print  "<a target=\"_blank\" href=\"/";
print "a";
print "d";
print ("goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" 
border=\"0\" alt=\"\" /></a><br />" );

it still wouldn't work so it MUST be done in the PHP module.

print( "<a target=\"_blank\" href=\"/add/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

works fine as long as you do a softlink from /ezad to /ezadd. (notice I changed the 
/ad/ to /add/)

great huh, 

watch out for it.  Again I noticed this in php 4.0.6  I didn't test a remote client 
when I used php 4.0.5

At 04:27 PM 7/2/01 +0200, you wrote:
Hi Mark,

I don't understand how the eZ ad module can do this.. All it does is print a 
link with image like this:

print( "<a target=\"_blank\" href=\"/ad/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" 

Have I misunderstood something?

Bård Farstad
Systems developer | |

To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the the funny problem


On the server, when I use the netscape client to view the "page source",  I see the 
correct HTML for the banner ad.  On a client,  with netscape (or IE) when I view the 
SAME PAGE source, I see the HTML line for the banner ad commented out.

I ran the following test: When I output anything with the 4 character string /ad/ , 
the html gets commented out.  I tested this with print and echo.  I also used several 
print statements outputing a letter at a time. The result is the same: the html with 
/ad/ ONLY when going to the client on another computer is commented out.

This is using php 4.0.6  that I downloaded from site from the download link

and compiled myself.  I gave up looking for the module, figuring that a later PHP 
version won't have it.  My workaround is to change the line in adlist.php from /ad/ to 
/add/ and to put a softlink from ezad to ezadd.

Pretty conclusive to me.  watch for it.  PHP 4.x has a single point that all the 
output goes through.  My guess is that the malicious code is there.  In my PHP 4.0.6 
distribution anyway.


 At 09:10 AM 7/2/01 +0200, you wrote:

not sure what problems you are having with the banner ads. They're not 
dependant on the host viewing the page. If you're using the current CVS then 
expect the code not to work (right now).

I've got a few things to fix in ezcalendargroup edit and then I'm done.  Everything is 
pretty slick.  I'll spend a day or so adding some content and should be on the net by 
wednesday at the earliest and monday at the latest.  After you get a chance to look at 
my site, I'll send you the code.


Bård Farstad
Systems developer | |

On Saturday 30 June 2001 21:16, you wrote:
> Sorry if I thought it was "you"  I think it is somewhere in the PHP code (I
> use 4.0.6).
> I'll spend another hour or so on it today.  Pretty funny if you think about
> it.   A person gets their stuff working and then puts it on the net only to
> find out sometime later that the banner ads never got displayed elsewhere,
> only on their development machine.  I will find it.  I don't feel spending
> my processor $$ on searching for the banner string.
> The calendar code is coming along nicely.   I just fixing a few minor
> problems.  I intend to get restarted on getting the production machine on
> the network.
> I think the I don't if you guys put it in the code or not but there is a
> problem.   The work-around is pretty simple.
> It seems that the html is post-processed somewhere looking for the banner
> code.  When the client is on another computer the banner code is commented
> out.  So the user doesn't see the banner ad.  First I thought the print
> function was redefined, but that's not it.
> Is this something you guys did as a hack?
> Mark

Edit Bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to