Codeigniter xml-rpc issue - codeigniter

I encountered a weird issue with CodeIgniter xml-rpc. If some data in the request contains system (xxx) it is automatically converted to system &140;xxx&140;
It only happens when you have the word system followed by opening and closing brackets.
For example, if I send Bachelor in Information system (BIS) it is received as Bachelor in Information system &140;BIS&141;
Just wondering if anyone else has ever had this issue or knows anything about this.
Thanks

That is caused by the CodeIgniter XSS filtering which is activated by default. It happens because system() is a command in PHP to execute shell code.
Simple workaround (not recommended): Deactivate it in config.php
$config['global_xss_filtering'] = FALSE;
Better workaround: Deactivate it on a per-case basis in your XML-RPC controller, so in the server part set
$this->config->set_item('global_xss_filtering',FALSE);
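To see why the filter fires on ordinary prose, here is the relevant rule reproduced in Python, as an added example rather than CodeIgniter's own code: the pattern is transcribed from the "naughty scripting elements" step of CodeIgniter 2.x Security::xss_clean (an assumption; check it against the version you run), followed by the output-side escaping that keeps the text intact once global_xss_filtering is switched off for the XML-RPC controller.

```python
import html
import re

# The "naughty scripting elements" rule of CodeIgniter 2.x xss_clean(), transcribed
# from system/core/Security.php (assumption: verify against your installed version).
# There is no word boundary, so prose such as "system (BIS)" or "ecosystem (x)"
# matches just like a real function call would.
NAUGHTY_CALL = re.compile(
    r"(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file"
    r"|file_get_contents|readfile|unlink)(\s*)\((.*?)\)",
    re.IGNORECASE | re.DOTALL,
)


def ci_neutralize_calls(text):
    """Reproduce what the filter does to parentheses after a blacklisted name:
    they become the &#40; and &#41; entities the question reports."""
    return NAUGHTY_CALL.sub(r"\1\2&#40;\3&#41;", text)


def affected_fields(fields):
    """Given a dict of XML-RPC request fields, return the names whose values the
    filter would alter, so you can see what would be mangled before deciding to
    turn the filter off for the controller."""
    return sorted(name for name, value in fields.items()
                  if ci_neutralize_calls(value) != value)


def render_safely(value):
    """Output-side escaping, the right place to neutralise untrusted text when the
    controller runs with global_xss_filtering off: parentheses survive, HTML
    metacharacters do not."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample request fields.
    sample = {"degree": "Bachelor in Information system (BIS)",
              "note": "no function names here",
              "bio": "<b>works on the ecosystem (x)</b>"}
    print("fields the filter would change:", affected_fields(sample))
    print("filtered:", ci_neutralize_calls(sample["degree"]))
    print("escaped on output instead:", render_safely(sample["bio"]))
```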

Related

Part of the HTTPS response is changing on every session

I have an HTTP response code. A part of it was changing with each application upgrade, so I have created a variable for this and change the variable after each upgrade so that it is automatically updated throughout the JMeter script.
Language|aB5U0Easj5xXnirzSu4eYyOxICkTU9uEgH4TPx/A++/hc6XBB3sgFdHmvXLriQxFq9RCj4T1Zq+fvzXouImGRIc93NkzkPUEMR1xqwMipVw4A4jJRruIBoLQ6SnP6JfOM3O7M0fV2bhJEHuRAoI04WmYI5eRfNCZhvG9e6Ye9h/8qyk8YRCMRfSjqaA1aZKAXPv1yYPFYXej+WDAt8L82LY/jW3URLc7LLDz/da87CZi3MLJgwRJvjhwB1fBu1Wp4mIR0e79ipNeGJyYY7ADxir0r9cYP611NTj+WF4tR5P7/epeDgexHXpuI/o2+q+vaALUn4+QikI+8KtSi5zE0g9oMJ39o/MIWpJIRAr0p4WmUoROB+6nTyNPG0MZaxKkuboD/7c/mdWzDOeB4eBOljGQpwg1PB53eWrSQJ8Gf7utR05sMOe87worG8lm34oAVlU/H32JzY82ig==
The above is the part which is changing, and I have created a variable called Language. Everything is fine till now.
Now I am facing a new problem after upgrading my application. This variable is changing with every new login; because of this I was unable to run the load test. It gives me the following error.
java.lang.IllegalArgumentException: Error while decrypting message, close tab or re-login
Has anyone come across a similar issue, or does anybody have an idea how to solve this? Please help me!!
So basically you are doing what is known as "correlation". The error you are getting is most likely related to correlation: when you are replaying the script, you are using a dynamic value from the recorded script which has expired.
Check the following:
- Have you replaced all the changing values in the script with your variable? Maybe you missed some parts. Some values could be in a request URL or in the body data of a POST request.
- Check for other values that are changing; sometimes you will have many values to be correlated, not just one (e.g. JSESSIONID, CSRF token, ...).
- What tool are you using to search for dynamic values and their locations? You can use the JMeter response to check for dynamic values, but it is easier if you use Fiddler or, if you know LoadRunner, you can use its script comparison capabilities.
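A minimal version of the dynamic-value search the answer describes, added here as an example (not part of the thread): diff two captures of the same response, report every token that changed together with the static text around it, and turn those boundaries into the equivalent of a JMeter Regular Expression Extractor. The two responses are constructed samples.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: the same page captured in two different sessions. In practice
# these would be two saved responses for the same request (from JMeter or Fiddler).
RESPONSE_SESSION_1 = (
    '<input type="hidden" name="csrf_token" value="a1b2c3d4">\n'
    '<script>var language = "zG7QpayloadOne";</script>\n'
    '<a href="/app;jsessionid=111AAA">Continue</a>\n'
)
RESPONSE_SESSION_2 = (
    '<input type="hidden" name="csrf_token" value="e5f6a7b8">\n'
    '<script>var language = "Qm4rpayloadTwo";</script>\n'
    '<a href="/app;jsessionid=222BBB">Continue</a>\n'
)

# A token is a run of "value-like" characters; every delimiter is its own token.
TOKEN = re.compile(r'[^"\'<>\s&?=;]+|.', re.DOTALL)


def find_dynamic_values(resp_a, resp_b, context=5):
    """Diff two captures of the same response token by token. Each differing token
    is a correlation candidate; return it with the static text just before and
    after it, which becomes the left/right boundary of an extractor."""
    tok_a, tok_b = TOKEN.findall(resp_a), TOKEN.findall(resp_b)
    matcher = SequenceMatcher(None, tok_a, tok_b, autojunk=False)
    candidates = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        candidates.append({
            "left": "".join(tok_a[max(0, i1 - context):i1]),
            "right": "".join(tok_a[i2:i2 + 1]),
            "session_1": "".join(tok_a[i1:i2]),
            "session_2": "".join(tok_b[j1:j2]),
        })
    return candidates


def extract(left, right, response):
    """Equivalent of a JMeter Regular Expression Extractor with template $1$:
    the first text between the two static boundaries, or None if absent."""
    pattern = re.compile(re.escape(left) + r"(.+?)" + re.escape(right), re.DOTALL)
    match = pattern.search(response)
    return match.group(1) if match else None


if __name__ == "__main__":
    for cand in find_dynamic_values(RESPONSE_SESSION_1, RESPONSE_SESSION_2):
        print(f'{cand["session_1"]!r} -> {cand["session_2"]!r}  boundaries: '
              f'{cand["left"]!r} ... {cand["right"]!r}')
```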

Codeigniter hiding errors from libraries. Why?

So I had a small problem, as I outlined here.
I have made a new question because this is more general and will perhaps help others.
So essentially, I integrated the Facebook SDK into CodeIgniter as a library.
The SDK requires JSON and cURL.
In the base_facebook.php file there is the following code:
if (!function_exists('curl_init')) {
    throw new Exception('Facebook needs the CURL PHP extension.');
}
if (!function_exists('json_decode')) {
    throw new Exception('Facebook needs the JSON PHP extension.');
}
If these functions are not available I expect an error to be fired to tell me such. Then I can install the correct packages and continue.
What actually happened is that even when I had error reporting set to E_ALL a blank page was returned.
This made it impossible to debug and after lots of playing I worked out it was because CURL was not installed on my server.
My question is why does codeigniter show blank pages rather than library based exceptions?
Furthermore even if there is an exception in a library why does the rest of the page not continue executing.
Essentially CI is seemingly making the use of exceptions worthless.
Could anyone advise?
Thanks
My question is why does codeigniter show blank pages rather than library based exceptions?
Most likely because display_errors is set to “off”.
While this is recommended for a production environment (web site users are not supposed to see internal error messages – it might give them info about internals, that they are not supposed to have) – it’s not very helpful while developing, where you as the developer want to be informed about what went wrong.
So check if CI has a “debug” setting for this, or if it’s maybe already set to off in your PHP configuration.
(Maybe CI or your config are set up in a way that errors are logged to a file instead. Also recommended for production; while developing, you’d have to keep an eye on this file then.)
Furthermore even if there is an exception in a library why does the rest of the page not continue executing.
Because that’s how exceptions are supposed to work – if they are not being caught when they reach the “top level” of your app, they cause a fatal error, and scripts die when those occur.
Familiarize yourself with the concept of try { … } catch(…) { … } to handle exceptions that might occur in script flow.
(Actually, it’s kinda surprising you don’t know all this already, if you’re working with an advanced PHP framework …)

codeigniter session data gets lost

I already posted this question but still wasn't able to resolve this issue.
It seems that everyone has this problem with CodeIgniter.
When I set my session in a controller it works perfectly and I can display it.
When I move to another controller, the (CUSTOM) session data is completely lost.
I tried changing my cookie_domain in config.php. Since I am on localhost I tried localhost with and without /, and localhost/codeigniter and codeigniter; all did not work. I am lost.
Btw, I read somewhere that this happens when 2 ajax requests happen at the same time. Could that be the problem?
Or maybe tell me how you resolved the problem if you had the same issues.
Screw this, I am switching to PHP native sessions. If anyone wants to do that:
http://codeigniter.com/wiki/PHPSession
Check and double-check your code or any external libraries you are using for a stray sess_destroy(). I ran into a similar problem where I was storing an id in the session for reference but if the user then logs in the SimpleLogin library I was using for logins just destroys the entire session including data I did not want to lose.
This is what I get for not writing my own code.

CodeIgniter 2.0.2 syntax error blank page

I have CodeIgniter 2.0.2 (CI) and it's annoying that when I write lots of code I then just get a blank page. Hard to debug without an error. I have error reporting E_ALL in php.ini, and in the config of CI it's turned on for every environment (devel, product) just to be sure...
Does anyone know where the bug can be? How to turn it on? I think CI is rewriting the php.ini error reporting setting somewhere somehow...
Thanks.
The other thing to check in your php.ini are the 'display_errors' and 'display_startup_errors' variables, they should both be set to 1.
In my (little) experience with CI this issue has been the most frustrating one. I can understand that no framework is perfect, and any web developer is used to dealing with errors (no matter if the framework or the developer is to blame). But that ANY error results in a blank page, with ZERO information in logs, console, whatever, is unacceptable.
If I recall correctly, in my case this was caused by some combination of CI (ab)using the "silent error" PHP operator (e.g. prepending some db statements with the @ operator, a not very clever way of avoiding leaking potentially private information to the end user), together with some bad use of *error_reporting*. See my post here (and see how many answers I got!).
I reported another related CI idiosyncrasy related to logging here (again, zero answers).
Please check the index.php which is located at the SAME LEVEL as the application folder.
Inside index.php:
line 2:
ini_set("display_errors", "1"); //ensure it is set to 1
line 23:
define('ENVIRONMENT', 'development'); // development | testing | production
grep your php.ini for the word "error", turn them to On etc...
Do you have output compression turned on in the config? I find that will cause white pages when you have errors.
$config['compress_output'] = FALSE; // Should be set to this when developing.
I had the same problem and eventually fixed it when i noticed I had no 'logs' directory in my application folder

Allowing Cross domain ajax calls from firefox

I want to change the settings of Firefox so as to allow it to make cross domain ajax calls. Due to the security feature of Firefox it doesn't allow ajax calls to be made. I know if it is in the same domain it will allow them. I have the code given below which works fine in Safari, but Firefox doesn't display the results when it calls the csce server, since the code is on the local machine it doesn't allow it and returns an error. I know it will start working if I load this code to the csce server but I want to run the code from my machine. So can anyone help me in resolving this? I have spent the past couple of days just searching for this solution.
Kindly suggest how to achieve this or should I go with some older version of firefox?
I googled and set the parameters of browser in config file as specified in this site but it still doesn't work.
http://code.google.com/p/httpfox/issues/detail?id=20
Maybe you could use privoxy and tell it to inject something like "Access-Control-Allow-Origin: *" in the server response.
To do this, you would have to go into the file user.filter (create it if it doesn't exist) in privoxy's configuration directory and insert something like this:
SERVER-HEADER-FILTER: allow-crossdomain
s|Server: .*|Access-Control-Allow-Origin: *|
Instead of Server, you can also use any other header that's always present and you don't need.
And this into user.action:
{+server-header-filter{allow-crossdomain}}
csce.unl.edu
Note: I didn't test it.
https://developer.mozilla.org/En/HTTP_access_control
http://config.privoxy.org/user-manual/
This appears to enable XSS from file:// pages in Firefox 4, although it prompts you so might not be suitable for more than simple test pages:
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
