nukeSEO.com - PHPNuke SEO Search engine optimization, professional tools including nukeSEO, nukeSPAM, nukeFEED, nukePIE, nukeWYSIWYG and more

 

. Welcome to nukeSEO.com  ! 
.
.
.


.
nukeSEO.com: Forums


 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Fatal error
 Goto page Previous  1, 2
 
Post new topic   Reply to topic    nukeSEO.com Forum Index -> nukeFEED (tm)
View previous topic :: View next topic  
Author Message
montego
webmaster


Joined: Dec 26, 2005
Posts: 254

PostPosted: Tue Apr 08, 2008 6:47 am    Post subject: Re: Fatal error Reply with quote

There really are not 9999 feeds. There should be no valid links to this, but the problem is if someone accidentally has display errors on, a hacker can use this very simple "test" to see path information.

Yes, there could be a @ placed somewhere, but this is really a case of checking the input. If there is no feed found, shouldn't it handle it gracefully? I personally think that it should. But, that is JMO.
  
Back to top
View user's profile Send private message Visit poster's website
Brujo
webmaster


Joined: Sep 03, 2006
Posts: 20

PostPosted: Tue Apr 08, 2008 8:04 am    Post subject: Re: Fatal error Reply with quote

@guardian, sorry i dont want to do confuse you, first i have to check what the word befuddled means:-)

a & b comes together in my opinion, and the 9999 was just to reproduce and to see what happens if a not existing or not more existing feed was called, because the User has deleted it. And thats the point independent if the feed is not or not more existing there should be no warnings/errors generated in the error logs and not visible in the Browser in my opinion.
  
Back to top
View user's profile Send private message
kguske
Site Admin
Site Admin


Joined: May 12, 2005
Posts: 876

PostPosted: Tue Apr 08, 2008 12:00 pm    Post subject: Re: Fatal error Reply with quote

Since the feed isn't defined, it has no content type - so it needs to check for a blank content type before loading the class (or stop before that with an error page).
_________________
  
Back to top
View user's profile Send private message Visit poster's website
kguske






PostPosted: Tue Apr 08, 2008 1:56 pm    Post subject: Re: Fatal error Reply with quote

OK. Here's a solution. In includes/nukeSEO/nukeFEED.php, find:
Code:
    $feed = $db->sql_fetchrow($db->sql_query('SELECT * FROM '.$prefix.'_seo_feed WHERE fid = '.$fid));

Insert after:
Code:
    if ($feed['content']=='')

    {
#      header('HTTP/1.0 404 Not Found');
#      header('Status: 404 Not Found');
      header('Refresh: 0; url=invalidfeed'.$fid.'.html/', false, 404);
      die('Invalid feed');
    }

I left the first two headers as comments so you could test all 3 to see which works best for you.

Once I get enough feedback, I'll incorporate into the next release of nukeFEED and SVN for RavenNuke.
  
Back to top
Brujo






PostPosted: Tue Apr 08, 2008 3:57 pm    Post subject: Re: Fatal error Reply with quote

i tested it on my side with the following results:

1 header - works and put out 404 in the server logs and stops with Invalid feed in the Browser

2 header - the output is 200 in the server logs and stops with Invalid feed in the Browser - i think not so good

3 header - for me the best solution. put out 404 in the server logs, shows short time the Invalid Feed and redirects to my custom 404 errorpage in the Browser.

i did only a small correction and deleted the / after .html , this was needed to redirect prober to my 404 error page, but this can be happens, because i use the diserrors module for custom error pages...

Brujo
  
Back to top
kguske






PostPosted: Tue Apr 08, 2008 4:34 pm    Post subject: Re: Fatal error Reply with quote

Strange: I also use diserrors on this site, and left the /...
  
Back to top
Brujo






PostPosted: Wed Apr 09, 2008 12:36 am    Post subject: Re: Fatal error Reply with quote

i fixed this with diserror now , so it works with or without the / now..

however, the solution with the errorpage which comes up if a fedd dos not exist solved all the issues. My Logfiles are now clean no more warning & errors and no path information ist shown in the Browser if displays error is on (which i tested only) so i think this will help some Users.

thanks
Brujo
  
Back to top
Display posts from previous:       
Post new topic   Reply to topic    nukeSEO.com Forum Index -> nukeFEED (tm) All times are GMT - 5 Hours
 Goto page Previous  1, 2
 Page 2 of 2

 

Jump to:   
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB © 2001-2008 phpBB Group


Page Generation: 0.03 Seconds