Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved Users see PHP code
#1
Not Solved
Hi All,

A couple of my visitors are seeing the whole php page output (the php code) when viewing Todays posts and it seems just one particular forum.

Its random, doesnt happen all the time, these users all seem to have chrome browser and i see the following errors in the apache error log with the users IP address

request failed: error reading the headers

So its hitting this error then just outputting the full php file contents to the browser.

Has anyone ever had the same issue? I really don't know where to start as its totally random.

Iv downloaded chrome and cannot reproduce the issue myself. But im seeing around 50 of these error logs each day from several ip addresses of active users.

Im using latest mybb version. Any pointers?

#2
Not Solved
actual php files do not come into visibility !! error log is giving reference of php files as visitors were accessing your forum's
locations which related to referred files in error log . if error log refers to search.php then visitor was using search function ..
#3
Not Solved
trust me, the php page outputs everything to the browser. The user copied me the entire page code.
#4
Not Solved
If the actual PHP source code is being displayed, it means your web server isn't handling PHP file correctly. Could you give us a screenshot of what is actually happening.
#5
Not Solved
Iv aksed the user for a screenshot thanks, but it litterally is the full output of the php code

starting with

<?php

and ending with

?>

its ALL the mybb code in between.

Its like the server is seeing these "request failed: error reading the headers" errors (as seen in apache error_log) but instead of erroring, it just dumps the whole page and doesnt run it as a php page.
I do see a few errors of the same nature from all around the forum for the users IP address. But it appears the php code only directly dumps to the browser on "todays posts" and one forum out of 20 and it doesnt do it all the time.
#6
Not Solved
What's your forum URL?

Can you post the error log?
#7
Not Solved
Hi alan,

http://www.superleaguefans.com/forum/

Error_log has rotated since the errors so i cant see them all but i saved one line from when i checked it.

error_log:[Sat Jan 14 12:47:42 2012] [error] [client 81.106.198.98] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/


just got some more from one of the visitors. Only seems to happen with a few of the users ... as said, i know one is using google chrome, she says no issue with internet explorer though.

[Sun Jan 15 14:02:57 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/forum-41.html
[Sun Jan 15 14:02:58 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/forum-41.html
[Sun Jan 15 14:03:01 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/forum-41.html

[Sun Jan 15 14:03:59 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/thr...84319.html

[Sun Jan 15 14:04:05 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/index.php
[Sun Jan 15 14:04:05 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/index.php

[Sun Jan 15 14:03:16 2012] [error] [client 86.170.141.84] request failed: error reading the headers, referer: http://www.superleaguefans.com/forum/sea...a2d529f185
#8
Not Solved
I'm using Chrome and I can't reproduce either.

Go to ACP >> Tools & Maintenance >> File Verification >> Yes

Do any files show up in red? If they do can you list them?

There's some messy code in your headerinclude template, I doubt that's causing it but it won't hurt to clean it up, all the &nbsp; need removing:

<script type="text/javascript">



&nbsp; var _gaq = _gaq || [];

&nbsp; _gaq.push(['_setAccount', 'UA-768802-8']);

&nbsp; _gaq.push(['_trackPageview']);



&nbsp; (function() {

&nbsp;&nbsp;&nbsp; var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

&nbsp;&nbsp;&nbsp; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

&nbsp;&nbsp;&nbsp; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

&nbsp; })();



</script>


Forum Jump:


Users browsing this thread: 1 Guest(s)