From:             [EMAIL PROTECTED]
Operating system: linux (redhat7.1)
PHP version:      4.0.6
PHP Bug Type:     Unknown/Other Function
Bug description:  hack? following is a discussion of the hack...... Is PHP the 
problem?????????

To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the funny problem

I use REDHAT 7.1 and whatever comes with it plus what needs to be loaded for eZPublish.

Everything works correctly on my test server: the browser (netscape 4.7+) displays the 
ad ok.  The client test machine is a win98 2nd ed with netscape and IE.  (I originally 
tested the client on the win machine so I could see if IE displayed the site correctly.) 
Both browsers display the "problem" on the client machine.  So I don't think the 
problem is on the client side.  It is not eZpublish.  So it has to be in the apache or 
the apache modules.  My guess is that it is in the PHP module. 

I tried one other case: I copied the print line in ezadlist and put it AFTER the ?> 
line WITHOUT the  print function name, the  (, ), and the ; .  The html was still 
commented out only on the remote browser.  I could have snooped (tcpdump on linux) the 
server output, but since I got in a workaround, I figured I'd just wait until I had 
time to look into the PHP code.

Since you've been so helpful :) I thought I'd let you know about the "joke" so you 
weren't caught unaware..

I am forwarding this mail exchange to the PHP group.  OK?

Mark




To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the funny problem

Ah now you ARE getting it.  ezad doesn't do it, the php apache module does it.

any html tag "<something ... /something>" with the /ad/ string gets commented out 
(<--! before  and !--> after) that gets sent to a remote client.

As I said if you changed the adlist to:
print  "<a target=\"_blank\" href=\"/";
print "a";
print "d";
print ("/goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" 
border=\"0\" alt=\"\" /></a><br />" );

it still wouldn't work so it MUST be done in the PHP module.

using 
print( "<a target=\"_blank\" href=\"/add/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

works fine as long as you do a softlink from /ezad to /ezadd. (notice I changed the 
/ad/ to /add/)

great huh, 

watch out for it.  Again I noticed this in php 4.0.6  I didn't test a remote client 
when I used php 4.0.5


At 04:27 PM 7/2/01 +0200, you wrote:
Hi Mark,

I don't understand how the eZ ad module can do this.. All it does is print a 
link with image like this:

print( "<a target=\"_blank\" href=\"/ad/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" 
);

Have I misunderstood something?


-- 
Bård Farstad
Systems developer
ez.no | developer.ez.no | zez.org


To: Bård Farstad <[EMAIL PROTECTED]>
Subject: Re: FYI:more the the funny problem

mmmm.

On the server, when I use the netscape client to view the "page source",  I see the 
correct HTML for the banner ad.  On a client,  with netscape (or IE) when I view the 
SAME PAGE source, I see the HTML line for the banner ad commented out.

I ran the following test: When I output anything with the 4 character string /ad/ , 
the html gets commented out.  I tested this with print and echo.  I also used several 
print statements outputting a letter at a time. The result is the same: the html with 
/ad/ ONLY when going to the client on another computer is commented out.

This is using php 4.0.6  that I downloaded from www.php.net site from the download link
http://www.php.net/do_download.php?download_file=php-4.0.6.tar.gz&source_site=www.php.net

and compiled myself.  I gave up looking for the module, figuring that a later PHP 
version won't have it.  My workaround is to change the line in adlist.php from /ad/ to 
/add/ and to put a softlink from ezad to ezadd.

Pretty conclusive to me.  watch for it.  PHP 4.x has a single point that all the 
output goes through.  My guess is that the malicious code is there.  In my PHP 4.0.6 
distribution anyway.

FYI
Mark


 At 09:10 AM 7/2/01 +0200, you wrote:
Hi,

not sure what problems you are having with the banner ads. They're not 
dependent on the host viewing the page. If you're using the current CVS then 
expect the code not to work (right now).


I've got a few things to fix in ezcalendargroup edit and then I'm done.  Everything is 
pretty slick.  I'll spend a day or so adding some content and should be on the net by 
wednesday at the earliest and monday at the latest.  After you get a chance to look at 
my site, I'll send you the code.


Mark




-- 
Bård Farstad
Systems developer
ez.no | developer.ez.no | zez.org


On Saturday 30 June 2001 21:16, you wrote:
> Sorry if I thought it was "you"  I think it is somewhere in the PHP code (I
> use 4.0.6).
> I'll spend another hour or so on it today.  Pretty funny if you think about
> it.   A person gets their stuff working and then puts it on the net only to
> find out sometime later that the banner ads never got displayed elsewhere,
> only on their development machine.  I will find it.  I don't feel like spending
> my processor $$ on searching for the banner string.
>
> The calendar code is coming along nicely.   I'm just fixing a few minor
> problems.  I intend to get restarted on getting the production machine on
> the network.
>
>
> I think the I don't know if you guys put it in the code or not but there is a
> problem.   The work-around is pretty simple.
>
> It seems that the html is post-processed somewhere looking for the banner
> code.  When the client is on another computer the banner code is commented
> out.  So the user doesn't see the banner ad.  First I thought the print
> function was redefined, but that's not it.
>
> Is this something you guys did as a hack?
>
>
> Mark



-- 
Edit Bug report at: http://bugs.php.net/?id=11839&edit=1
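
The comparison described in the thread (page source viewed on the server versus the same page viewed on a remote client) can be automated to show exactly which lines arrive wrapped in a comment and which substring they share. This is an added example, not code from the original messages or from PHP or eZ publish; the two HTML samples are constructed, the function names are hypothetical, and it assumes the wrapper is a standard HTML comment.

```python
import re

# Constructed samples: "view source" on the server and on a remote client.
SERVER_VIEW = '''<html><body>
<a target="_blank" href="/ad/goto/7/"><img src="/images/b7.gif" width="468" height="60" border="0" alt="" /></a><br />
<a href="/article/view/12/">News</a>
<a href="/add/goto/7/"><img src="/images/b7.gif" alt="" /></a>
</body></html>'''

CLIENT_VIEW = '''<html><body>
<!-- <a target="_blank" href="/ad/goto/7/"><img src="/images/b7.gif" width="468" height="60" border="0" alt="" /></a><br /> -->
<a href="/article/view/12/">News</a>
<a href="/add/goto/7/"><img src="/images/b7.gif" alt="" /></a>
</body></html>'''

COMMENT = re.compile(r"<!--(.*?)-->", re.S)


def normalize(text):
    """Collapse whitespace so line wrapping does not cause false differences."""
    return " ".join(text.split())


def commented_out_in_transit(server_html, client_html):
    """Return server-side lines that reach the client only inside an HTML comment."""
    hidden = {normalize(m) for m in COMMENT.findall(client_html)}
    visible = {normalize(l) for l in COMMENT.sub("", client_html).splitlines()}
    hits = []
    for line in server_html.splitlines():
        n = normalize(line)
        if n and n not in visible and n in hidden:
            hits.append(n)
    return hits


def common_trigger(hits, candidates=("/ad/", "/add/", "banner")):
    """Return the candidate substrings present in every altered line."""
    return [c for c in candidates if hits and all(c in h for h in hits)]


if __name__ == "__main__":
    altered = commented_out_in_transit(SERVER_VIEW, CLIENT_VIEW)
    for line in altered:
        print("altered:", line)
    print("common substring:", common_trigger(altered))
```

Feeding it the body captured at the server (for example from the tcpdump capture mentioned above) and the body saved on the client shows whether the change happens before or after the bytes leave the server.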



-- 
PHP Development Mailing List <http://www.php.net/>