Modx Evo with PHP 5.4 and eval - php

Got a bit of an issue with Modx and latest version of PHP.
It's a very old version of Modx (don't ask - I have exactly the same thoughts, wasn't in my control). The site is working fine on PHP 5.2.
The problem is the web host is upgrading to PHP 5.4 - as a result the site breaks completely. The one issue I can't get a solution for is the use of eval within manager/includes/document.parser.class.inc.php under "evalSnippet()" function where it calls depreciated eval() function.
I've looked at possibliity of upgrading Modx to latest which is 1.0.9, however this still uses eval() -> even though it explicity states this version supports PHP 5.4. Below is the code:
function evalSnippet($snippet, $params) {
$etomite= $modx= & $this;
$modx->event->params= & $params; // store params inside event object
if (is_array($params)) {
extract($params, EXTR_SKIP);
}
ob_start();
$snip= eval ($snippet);
$msg= ob_get_contents();
ob_end_clean();
if ((0<$this->config['error_reporting']) && isset($php_errormsg))
{
$error_info = error_get_last();
if($error_info['type']===2048 || $error_info['type']===8192) $error_type = 2;
else $error_type = 3;
if(1<$this->config['error_reporting'] || 2<$error_type)
{
extract($error_info);
if($msg===false) $msg = 'ob_get_contents() error';
$result = $this->messageQuit('PHP Parse Error', '', true, $type, $file, 'Snippet', $text, $line, $msg);
if ($this->isBackend())
{
$this->event->alert("An error occurred while loading. Please see the event log for more information<p>{$msg}{$snip}</p>");
}
}
}
unset ($modx->event->params);
return $msg . $snip;
}
Is there away around this? Has anyone managed to get Modx Evo working with PHP 5.4?

Continued from comments on original post...
session_is_registered() is deprecated as of PHP 5.3. You'll need to check through your snippets and find out which one is using this function, then replace it with isset($_SESSION['name_of_variable']).
Quickest way to find it would be to run a %LIKE% search in phpMyAdmin for session_is_registered on the modx_site_snippets table

Related

broken preg_match function ? (php 7.4.2)

I have a very strange problem.
When I open the script below in the browser and execute it, everything works as expected. Even if I call the script in the command line, I have the expected result.
But if I run the script in a background job, the script aborts in the "preg_match" function without any error. I don't have an error message for this anywhere, neither in the logs nor anywhere else. I also checked if the function exists and it does.
The script just seems to abort at preg_match and doesn't show any message about possible errors. So i'm getting only the output "CHECKPOINT 1".
I have checked the PHP versions and everywhere the same version (same path). Also the settings of pcre are identical.
Is it possible that I have different modules or functions for preg_match? Is there any way I can check what happens in the function?
with try & catch i don't get any information about the problem.
<?php
class pcre_check
{
public function setUp() {
}
public function perform() {
echo "CHECKPOINT 1";
preg_match("/[0-9]{4}/", "6876 ABCDEFGH", $matches, PREG_OFFSET_CAPTURE);
print_r($matches);
echo "CHECKPOINT 2";
}
public function tearDown() {
}
}
$test = new pcre_check();
$test->setUp();
$test->perform();
$test->tearDown();
?>
Systeminfos:
Apache server
PHP 7.4.2
The same script works online on the production server. Only on my local server I have this problem.
It seems there is an issue with regular expressions. The function preg_replace isn't working too but str_replace with replacement of a normal string is working.
It seems that it is working now. I didn't find the problem, but after the update to macOS Big Sur it seems to work now.

Unusual error in code igniter system file when deployed to a VPS server

I recently finished building my site using code igniter on WAMP local server and tested it on a shared hosting server (from Namecheap). Then I got VPS hosting plan (from iPage) and uploaded the files and did the necessary configs. However, I got this error when I tried accessing the site:
An uncaught Exception was encountered
Type: Error
Message: Call to undefined function ctype_digit()
Filename: /home/eastngco/public_html/system/core/Security.php
Line Number: 600
Problem is, the suspect file, Security.php, is a code igniter system file which I never messed with (everything I wrote was within the application folder). Below is a code snippet around the line in Security.php causing the error:
/**
* Get random bytes
*
* #param int $length Output length
* #return string
*/
public function get_random_bytes($length)
{
if (empty($length) OR ! ctype_digit((string) $length))
{
return FALSE;
}
if (function_exists('random_bytes'))
{
try
{
// The cast is required to avoid TypeError
return random_bytes((int) $length);
}
catch (Exception $e)
{
// If random_bytes() can't do the job, we can't either ...
// There's no point in using fallbacks.
log_message('error', $e->getMessage());
return FALSE;
}
}
// Unfortunately, none of the following PRNGs is guaranteed to exist ...
if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)
{
return $output;
}
if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE)
{
// Try not to waste entropy ...
is_php('5.4') && stream_set_chunk_size($fp, $length);
$output = fread($fp, $length);
fclose($fp);
if ($output !== FALSE)
{
return $output;
}
}
if (function_exists('openssl_random_pseudo_bytes'))
{
return openssl_random_pseudo_bytes($length);
}
return FALSE;
}
I have no idea what random bytes or ctype_digit() means!
I did some digging on the web to see if a similar problem (and its solution) would pop, but nothing did. I need help fixing this please.
If it means anything, the PHP version that comes with my hosting plan is version 7, and I have SSL.
Ipage has a support page to enable the ctype extension, please read this article, using code igniter and PHP: 7.4.10, I receive this error message: Call to undefined function ctype_digit().
Enabling this extension in Ipage the problem was solved in my case.
Article:
https://www.ipage.com/help/article/how-to-enable-ctype-so-extensions-in-php-ini
Looks like your provider might have explicitly disabled those types of functions. It should be enabled by default. Try contacting your provider for some support on enabling these, or reinstalling PHP without that flag turned off.
http://us2.php.net/manual/en/ctype.installation.php
Additionally, you could try and inspect a phpinfo() page to confirm whether ctypes are enabled or not. It seems weird that they would turn it off, so this would help figure out if this is part of the issue.

Coded on Windows, Not working on Linux

I'm having issues with my code on Linux, It works fine on Windows which is running PHP 7.1 and Linux is running PHP 7.0. Looking at my code it doesn't look like I am using any of the features that came in 7.1 and are not in 7.0.
If I call this method on its own it works fine, When it is used within my other code it doesn't seem to run at all.
public function titleRegex($title){
$re = "/^.+?(?=\\s*[(.]?(\\d{4}))/mi";
$str = "$title";
if(preg_match_all($re, $str, $matches) != null) {
if (!empty($matches[0])) {
$arrayString = implode('', $matches[0]);
return $arrayString;
}
}
return $title;
}
$title = pathinfo($name, PATHINFO_FILENAME);
$regexTitle = $this->titleRegex($title);
$imdbQuery = $this->imdbScraper($regexTitle);
$location = base64_encode(pathinfo($name, PATHINFO_DIRNAME));
// SQL Data is here
When I run the directoryscanner it attempts no regex, If I call the regex method on its own and pass my own values into it, It works fine. Also I have installed PHP7.0-curl and when I do a curl request on all the movie titles it returns nothing... but if I call the method on its own it works fine. I am totally lost what could be causing this.

PHP filter_input(INPUT_SERVER, 'REQUEST_METHOD') returns null?

Why does this line return null in my live server?
filter_input(INPUT_SERVER, 'REQUEST_METHOD');
The live server is php5.5.9
Have I missed something?
I thought it is used to replace the global method below?
$_SERVER['REQUEST_METHOD'];
some of the code,
public function __construct()
{
// Construct other generic data.
$this->clientRequestMethod = filter_input(INPUT_GET, 'method'); // such as list, add, update, etc
$this->clientPostMethod = filter_input(INPUT_POST, 'method'); // such as update
$this->serverRequestMethod = filter_input(INPUT_SERVER, 'REQUEST_METHOD'); //such as get or post
}
public function processEntry()
{
// Determine the $_SERVER['REQUEST_METHOD'] whether it is post or get.
if ($this->serverRequestMethod === 'POST' && $this->clientPostMethod != null)
{
$this->processPost();
}
else if($this->serverRequestMethod === 'GET' && $this->clientRequestMethod != null)
{
$this->processRequest();
}
}
So the problem/bug is this:
filter_input() doesn't work with INPUT_SERVER or INPUT_ENV when you use FASTCGI
The bug has been known for years and I found nothing saying it was addressed. I found several work-arounds but no complete solution so I plopped the best work-around into this helper function for a project-wide solution. To provide some level of security and avoid train wrecks, the function falls back to filter_var() where filter_input() fails. It uses the same format as the native filter_input() function for easy integration into projects and easy future removal should the bug ever be fixed.
function filter_input_fix ($type, $variable_name, $filter = FILTER_DEFAULT, $options = NULL )
{
$checkTypes =[
INPUT_GET,
INPUT_POST,
INPUT_COOKIE
];
if ($options === NULL) {
// No idea if this should be here or not
// Maybe someone could let me know if this should be removed?
$options = FILTER_NULL_ON_FAILURE;
}
if (in_array($type, $checkTypes) || filter_has_var($type, $variable_name)) {
return filter_input($type, $variable_name, $filter, $options);
} else if ($type == INPUT_SERVER && isset($_SERVER[$variable_name])) {
return filter_var($_SERVER[$variable_name], $filter, $options);
} else if ($type == INPUT_ENV && isset($_ENV[$variable_name])) {
return filter_var($_ENV[$variable_name], $filter, $options);
} else {
return NULL;
}
}
This seems the best solution. Please let me know if it contains errors that might cause issues.
I had the same problem where it was working on my local machine (OSX Mavericks, PHP version 5.4.24) and not on my live server (Cent OS 5). I upgraded the server from 5.3.9 to 5.5.15 (and added the mb and mcrypt functions although that's probably irrelevant) and now it works.
This probably isn't helpful if you're on a shared host but you could ask them if they can rebuild PHP/Apache.
I was having the same issue in my XAMPP localhost as well and was looking for solutions madly. What I ended up with, it is a known PHP bug for this function if you are running the PHP in FCGI mode (FCGI/PHP 5.4 in my case). I was confirmed going through this link.
The workaround I used is to filter_var($_SERVER['PHP_AUTH_USER'], FILTER_SANITIZE_STRING) but this is not an alternative of filter_input. filter_input is more secure.
FastCGI seems to cause strange side-effects with unexpected null values when using INPUT_SERVER and INPUT_ENV with this function. You can use this code to see if it affects your server.
If you want to be on the safe side, using the superglobal $_SERVER and $ENV variables will always work. You can still use the filter* functions for Get/Post/Cookie without a problem, which is the important part!
Source: http://php.net/manual/es/function.filter-input.php#77307
I solve it changing my php.ini from:
variables_order = "GPCS"
To:
variables_order = "GPCSE"
By default PHP wasn't registering the environment variables, so this change enabled them. The interesting is that the INPUT_SERVER variables came back to work too!
Just two addiotional informations, i am using PHP 7.0.13 and as said in other answers, this issue is related to a PHP bug.
Another option is use the following:
filter_var(getenv('REQUEST_METHOD'));
My personal solution was to change filter_input to filter_var :
With filter_input (not working on a Siteground shared hosting):
filter_input(INPUT_SERVER, 'REQUEST_URI')
With filter_var (now it works on Siteground)
filter_var($_SERVER['REQUEST_URI'],FILTER_UNSAFE_RAW, FILTER_NULL_ON_FAILURE)
The problem affects Apache + fcgid + php-cgi 8.1.9 too.
It't caused by auto_globals_jit enabled (default) . When disabled (in php.ini on php startup), filter_input(INPUT_SERVER) works correctly.

Fatal error: Call to undefined function checkdnsrr()

My application checks MX-records on the registration page. It works fine on my local development machine (Windows 7 with WAMP Server) and on my hosting account (Linux server). Recently I deployed the app on another hosting account and I got the following error when I tried to register an user:
Fatal error: Call to undefined function checkdnsrr() in
D:\home\memorytreephoto.com\wwwroot\MyCMS\controls\register\validate_email.php
on line 27
My code is below:
<?php
// ------------------------------------------------------------
// VALIDATE E-MAIL
// ------------------------------------------------------------
if (!filter_var($txbEmail, FILTER_VALIDATE_EMAIL)) {
$emailNotValid = $email_error;
$emailvalidate_error = 1;
}
if (filter_var($txbEmail, FILTER_VALIDATE_EMAIL)) {
if (domain_exists($txbEmail)) {
$emailvalidate_error = 0;
} else {
$emailNotValid = $emailmx_error;
$emailvalidate_error = 1;
}
}
// Check if MX-records are present
function domain_exists($emailtocheck, $record = 'MX') {
list($user, $domain) = preg_split('/#/', $emailtocheck);
return checkdnsrr($domain, $record);
}
?>
Does someone know how to fix this?
A look in the manual shows that this function exists on Windows only since PHP 5.3.0. You'd have to upgrade to that PHP version to make the function work.
Alternatively, there is a PEAR Class that provides the functionality to PHP versions < 5.3.0
This function is only available in PHP 5.3.0 or higher if you're running Windows.
Maybe you need to remove the checkdnsrr from disable_functions at php.ini file or maybe your hosting provider do not have this fuction in the php.ini. Check this also, another ideas about PHP version.

Categories