SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Mar 2007
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Important security question about php.

    PHP is one of the most popular languages on the net. Virtually all of the popular scripts available are written in php.

    On occasion I visit a php site and the page fails to load. Instead the server sends me a copy of the source code.

    I am not an advanced php coder however I know that isn't supposed to occur. So why does it? What are the causes?

    Thanks

    Ian

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,786
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    A PHP page displays as text if the server is configured to display that file type as text rather than run it as PHP. This can either be because the author used the wrong file extension or the server doesn't support PHP or it may be a glitch in the web server processing (rare if using a PHP extension - more common if using .htaccess to map a different extension to PHP).
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Zealot detzX's Avatar
    Join Date
    Oct 2006
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There was a news story about this, it happened to Facebook and someone got a copy of their homepage or something. I've had it happen on my server too, it's very rare on a server that's setup correctly and since it never repeats it's self it's very hard to track down. It's probably a bug in php that can't be caught.
    PERL rules anyways :P
    www.invoicejournal.com - Invoice clients for Free

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by detzX View Post
    ...It's probably a bug in php that can't be caught...
    It is not a PHP bug it has nothing to do with PHP. It is a server misconfiguration only. Completely independent of PHP and the server software used.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, it just means that Web Server is just not passing on the php files to zend engine, and the file is coming straight to the browser, unprocessed. Make sure, PHP is correctly configured in the server. Also, this situation has also been reported in cases when Apache is under enormous stress. That's exactly what happened with Facebook.

  6. #6
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I agree although I haven't personally seen that happen with mod_php only under CGI/suexec systems.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •