I updated installation to version 2.5.2 and now FAQs are not displayed - Page not found error is displayed in the browser. Here is long debug info (sorry for this but was not sure how much info will be useful):
/** * Some basic functions and PMF_Init class. * * @package phpMyFAQ * @subpackage PMF_Init * @author Johann-Peter Hartmann * @author Thorsten Rinne * @author Stefan Esser * @author Matteo Scaramuccia * @author Christian Stocker * @since 2005-09-24 * @copyright 2005-2009 phpMyFAQ Team * @version SVN: $Id: Init.php 4677 2009-08-05 19:46:52Z thorsten $ * * The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. */ // // Debug mode: // - false debug mode disabled // - true debug mode enabled // define('DEBUG', False); if (DEBUG) { error_reporting(E_ALL & E_STRICT); ini_set('display_errors', 1); } else { ini_set('display_errors', 0); } // // Fix the PHP include path if PMF is running under a "strange" PHP configuration // $foundCurrPath = false; $includePaths = explode(PATH_SEPARATOR, ini_get('include_path')); $i = 0; while((!$foundCurrPath) && ($i < count($includePaths))) { if ('.' == $includePaths[$i]) { $foundCurrPath = true; } $i++; } if (!$foundCurrPath) { ini_set('include_path', '.'.PATH_SEPARATOR.ini_get('include_path')); } // // Tweak some PHP configuration values // Warning: be sure the server has enough memory and stack for PHP // ini_set('pcre.backtrack_limit', 100000000); ini_set('pcre.recursion_limit', 100000000); // // Include our class/interface autoloader // require_once 'autoLoader.php'; // // Read configuration and constants, included main functions // define('PMF_INCLUDE_DIR', dirname(__FILE__)); require_once PMF_INCLUDE_DIR.'/data.php'; require_once PMF_INCLUDE_DIR.'/constants.php'; require_once PMF_INCLUDE_DIR.'/functions.php'; // TODO: Linkverifier.php contains both PMF_Linkverifier class and // helper functions => move the fns into the class. require_once PMF_INCLUDE_DIR.'/Linkverifier.php'; // // Set the error handler to our pmf_error_handler() function // set_error_handler('pmf_error_handler'); // // Create a database connection // define('SQLPREFIX', $DB['prefix']); $db = PMF_Db::dbSelect($DB['type']); $db->connect($DB['server'], $DB['user'], $DB['password'], $DB['db']); // // Fetch the configuration // $faqconfig = PMF_Configuration::getInstance(); $faqconfig->getAll(); $PMF_CONF = $faqconfig->config; // // We always need a valid session! // // Avoid any PHP version to move sessions on URLs ini_set('session.use_only_cookies', 1); ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', ''); // // Connect to LDAP server, when LDAP support is enabled // if ($faqconfig->get('main.ldapSupport') && file_exists(PMF_INCLUDE_DIR . '/dataldap.php')) { require PMF_INCLUDE_DIR . '/dataldap.php'; require PMF_INCLUDE_DIR . '/constants_ldap.php'; } else { $ldap = null; } /** * Build attachments path */ $confAttachmentsPath = trim($faqconfig->get('main.attachmentsPath')); if ('/' == $confAttachmentsPath[0] || preg_match('%^[a-z]\\\\|/)%i', $confAttachmentsPath)) { /** * If we're here, some windows or unix style * absolute path was detected. */ define('PMF_ATTACHMENTS_DIR', $confAttachmentsPath); } else { /** * otherwise build the absolute path * */ $tmp = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $confAttachmentsPath; /** * Check that nobody is traversing */ if (0 === strpos((string)$tmp, dirname(dirname(__FILE__)))) { define('PMF_ATTACHMENTS_DIR', $tmp); } else { define('PMF_ATTACHMENTS_DIR', false); } } /** * PMF_Init * * This class provides methods to clean the request environment from global * variables, unescaped slashes and XSS in the request string. It also detects * and sets the current language. * * @package phpMyFAQ * @subpackage PMF_Init * @author Johann-Peter Hartmann * @author Thorsten Rinne * @author Stefan Esser * @author Matteo Scaramuccia * @author Christian Stocker * @since 2005-09-24 * @copyright 2005-2009 phpMyFAQ Team * @version SVN: $Id: Init.php 4677 2009-08-05 19:46:52Z thorsten $ */ class PMF_Init { /** * The accepted language of the user agend * * @var string */ public $acceptedLanguage = ''; /** * The current language * * @var string */ public static $language = ''; /** * cleanRequest * * Cleans the request environment from: * - global variables, * - unescaped slashes, * - xss in the request string, * - uncorrect filenames when file are uploaded. * * @return void * @access public * @author Johann-Peter Hartmann */ public static function cleanRequest() { if (version_compare(PHP_VERSION, '6.0.0-dev', '<')) { $_SERVER['PHP_SELF'] = strtr(rawurlencode($_SERVER['PHP_SELF']),array( "%2F"=>"/", "%257E"=>"%7E")); } if (isset($_SERVER['HTTP_USER_AGENT'])) { $_SERVER['HTTP_USER_AGENT'] = urlencode($_SERVER['HTTP_USER_AGENT']); } // remove global registered variables to avoid injections if (ini_get('register_globals')) { self::_unregisterGlobalVariables(); } // clean external variables $externals = array('_REQUEST', '_GET', '_POST', '_COOKIE'); foreach ($externals as $external) { if (isset($GLOBALS[$external]) && is_array($GLOBALS[$external])) { // first clean XSS issues $newvalues = $GLOBALS[$external]; $newvalues = self::_removeXSSGPC($newvalues); // then remove magic quotes $newvalues = self::_removeMagicQuotesGPC($newvalues); // clean old array and insert cleaned data foreach (array_keys($GLOBALS[$external]) as $key) { $GLOBALS[$external][$key] = null; unset($GLOBALS[$external][$key]); } foreach (array_keys($newvalues) as $key) { $GLOBALS[$external][$key] = $newvalues[$key]; } } } // clean external filenames (uploaded files) self::_cleanFilenames(); } /** * Clean up a filename: if anything goes wrong, an empty string will be returned * * @param string $filename * @return string * @access private * @since 2006-12-29 * @author Matteo Scaramuccia */ private static function _basicFilenameClean($filename) { global $denyUploadExts; // Remove the magic quotes if enabled $filename = (ini_get('magic_quotes_gpc') ? stripslashes($filename) : $filename); $path_parts = pathinfo($filename); // We need a filename without any path info if ($path_parts['basename'] !== $filename) { return ''; } // We need a filename with at least 1 chars plus the optional extension if (isset($path_parts['extension']) && ($path_parts['basename'] == '.'.$path_parts['extension'])) { return ''; } if (!isset($path_parts['extension']) && (strlen($path_parts['basename']) == 0)) { return ''; } // Deny some extensions (see inc/constants.php), if any if (!isset($path_parts['extension'])) { $path_parts['extension'] = ''; } if (count($denyUploadExts) > 0) { if (in_array(strtolower($path_parts['extension']), $denyUploadExts)) { return ''; } } // Clean the file to remove some chars depending on the server OS // 0. main/rfc1867.c: rfc1867_post_handler removes any char before the last occurence of \/ // 1. Besides \/ on Windows: :*?"<>| if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $reservedChars = array(':', '*', '?', '"', '<', '>', "'", '|'); $filename = str_replace($reservedChars, '_', $filename); } return $filename; } /** * Clean the filename of any uploaded file by the user and force an error * when calling is_uploaded_file($_FILES[key]['tmp_name']) if the cleanup goes wrong * * @access private * @since 2006-12-29 * @author Matteo Scaramuccia */ private static function _cleanFilenames() { reset($_FILES); while (list($key, $value) = each($_FILES)) { if (is_array($_FILES[$key]['name'])) { reset($_FILES[$key]['name']); // We have a multiple upload with the same name for while (list($idx, $value2) = each($_FILES[$key]['name'])) { $_FILES[$key]['name'][$idx] = self::_basicFilenameClean($_FILES[$key]['name'][$idx]); if ('' == $_FILES[$key]['name'][$idx]) { $_FILES[$key]['type'][$idx] = ''; $_FILES[$key]['tmp_name'][$idx] = ''; $_FILES[$key]['size'][$idx] = 0; $_FILES[$key]['error'][$idx] = UPLOAD_ERR_NO_FILE; } } reset($_FILES[$key]['name']); } else { $_FILES[$key]['name'] = self::_basicFilenameClean($_FILES[$key]['name']); if ('' == $_FILES[$key]['name']) { $_FILES[$key]['type'] = ''; $_FILES[$key]['tmp_name'] = ''; $_FILES[$key]['size'] = 0; $_FILES[$key]['error'] = UPLOAD_ERR_NO_FILE; } } } reset($_FILES); } /** * Gets the accepted language from the user agent * * @return void * @access private * @author Thorsten Rinne * @author Matteo Scaramuccia */ private function _getUserAgentLanguage() { $matches = array(); // $_SERVER['HTTP_ACCEPT_LANGUAGE'] could be like the text below: // it,pt-br;q=0.8,en-us;q=0.5,en;q=0.3 // TODO: (ENH) get an array of accepted languages and cycle through it in self::setLanguage if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { // ISO Language Codes, 2-letters: ISO 639-1, [-] // Simplified language syntax detection: xx[-yy] preg_match("/([a-z\-]+)/i", trim($_SERVER['HTTP_ACCEPT_LANGUAGE']), $matches); if (isset($matches[1])) { $this->acceptedLanguage = $matches[1]; } } } /** * True if the language is supported by the current phpMyFAQ installation * * @param string $langcode * @return bool * @access public * @author Matteo scaramuccia */ public static function isASupportedLanguage($langcode) { global $languageCodes; return isset($languageCodes[strtoupper($langcode)]); } /** * Sets the current language for phpMyFAQ user session * * @param bool $config_detection Configuration detection * @param string $config_language Language from configuration * @return string */ public function setLanguage($config_detection, $config_language) { global $sid; $_lang = array(); self::_getUserAgentLanguage(); // Get language from: _POST, _GET, _COOKIE, phpMyFAQ configuration and the automatic language detection $_lang['post'] = PMF_Filter::filterInput(INPUT_POST, 'language', FILTER_SANITIZE_STRING); if (!is_null($_lang['post']) && !self::isASupportedLanguage($_lang['post']) ) { $_lang['post'] = null; } // Get the user language $_lang['get'] = PMF_Filter::filterInput(INPUT_GET, 'lang', FILTER_SANITIZE_STRING); if (!is_null($_lang['get']) && !self::isASupportedLanguage($_lang['get']) ) { $_lang['get'] = null; } // Get the faq record language $_lang['artget'] = PMF_Filter::filterInput(INPUT_GET, 'artlang', FILTER_SANITIZE_STRING); if (!is_null($_lang['artget']) && !self::isASupportedLanguage($_lang['artget']) ) { $_lang['get'] = null; } // Get the language from the session if (isset($_SESSION['pmf_lang']) && self::isASupportedLanguage($_SESSION['pmf_lang']) ) { $_lang['session'] = trim($_SESSION['pmf_lang']); } // Get the language from the config if (isset($config_language)) { $confLangCode = str_replace(array("language_", ".php"), "", $config_language); if (self::isASupportedLanguage($confLangCode) ) { $_lang['config'] = $confLangCode; } } // Detect the browser's language if ((true === $config_detection) && self::isASupportedLanguage($this->acceptedLanguage) ) { $_lang['detection'] = $this->acceptedLanguage; } // Select the language if (isset($_lang['post'])) { self::$language = $_lang['post']; $_lang = null; unset($_lang); } elseif (isset($_lang['get'])) { self::$language = $_lang['get']; } elseif (isset($_lang['session'])) { self::$language = $_lang['session']; $_lang = null; unset($_lang); } elseif (isset($_lang['detection'])) { self::$language = $_lang['detection']; $_lang = null; unset($_lang); } elseif (isset($_lang['config'])) { self::$language = $_lang['config']; $_lang = null; unset($_lang); } else { self::$language = 'en'; // just a fallback } return $_SESSION['pmf_lang'] = self::$language; } /** * This function deregisters the global variables only when 'register_globals = On'. * Note: you must assure that 'session_start()' is called AFTER this function and not BEFORE, * otherwise each $_SESSION key will be set to NULL because $GLOBALS * has an entry, as copy-by-ref, for each $_SESSION key when 'register_globals = On'. * * @return void * @access private * @author Stefan Esser */ private static function _unregisterGlobalVariables() { if (!ini_get('register_globals')) { return; } if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { die('GLOBALS overwrite attempt detected.'); } $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); foreach (array_keys($input) as $k) { if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) { $GLOBALS[$k] = null; unset($GLOBALS[$k]); } } } /** * This function removes the magic quotes if they are enabled. * * @param array * @return array * @access private * @author Thorsten Rinne */ private static function _removeMagicQuotesGPC($data) { static $recursionCounter = 0; // Avoid webserver crashes. For any detail, see: http://www.php-security.org/MOPB/MOPB-02-2007.html // Note: 1000 is an heuristic value, large enough to be "transparent" to PMF. if ($recursionCounter > 1000) { die('Deep recursion attack detected.'); } if (ini_get('magic_quotes_gpc')) { $addedData = array(); foreach ($data as $key => $val) { $key = addslashes($key); if (is_array($val)) { $recursionCounter++; $addedData[$key] = self::_removeMagicQuotesGPC($val); } else { $addedData[$key] = $val; } } return $addedData; } return $data; } /** * Cleans a html string from some xss issues * * @param string $string * @return string * @access private * @author Christian Stocker * @copyright Copyright (c) 2001-2008 Liip AG */ private static function _basicXSSClean($string) { global $PMF_LANG; if (strpos($string, '\0') !== false) { return null; } if (ini_get('magic_quotes_gpc')) { $string = stripslashes($string); } $string = str_replace(array("&", "<", ">"), array("&", "<", ">"), $string); // fix &entitiy\n; $string = preg_replace('#(&\#*\w+)[\x00-\x20]+;#', "$1;", $string); $string = preg_replace('#(&\#x*)([0-9A-F]+);*#i', "$1$2;", $string); $string = html_entity_decode($string, ENT_COMPAT, $PMF_LANG['metaCharset']); // remove any attribute starting with "on" or xmlns $string = preg_replace('#(<[^>]+[\x00-\x20\"\'\/])(on|xmlns)[^>]*>#iU', "$1>", $string); // remove javascript: and vbscript: protocol $string = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU', '$1=$2nojavascript...', $string); $string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU', '$1=$2novbscript...', $string); $string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#U', '$1=$2nomozbinding...', $string); $string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*data[\x00-\x20]*:#U', '$1=$2nodata...', $string); // // only works in ie... $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU', "$1>", $string); $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU', "$1>", $string); $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iU', "$1>", $string); //remove namespaced elements (we do not need them...) $string = preg_replace('#]*>#i', "", $string); //remove really unwanted tags do { $oldstring = $string; $string = preg_replace('#]*>#i', "", $string); } while ($oldstring != $string); return $string; } /** * Removes xss from an array * * @param array $data * @return array * @acces private * @author Thorsten Rinne * @author Johann-Peter Hartmann */ private static function _removeXSSGPC($data) { static $recursionCounter = 0; // Avoid webserver crashes. For any detail, see: http://www.php-security.org/MOPB/MOPB-02-2007.html // Note: 1000 is an heuristic value, large enough to be "transparent" to PMF. if ($recursionCounter > 1000) { die('Deep recursion attack detected.'); } $cleanData = array(); foreach ($data as $key => $val) { $key = self::_basicXSSClean($key); if (is_array($val)) { $recursionCounter++; $cleanData[$key] = self::_removeXSSGPC($val); } else { $cleanData[$key] = self::_basicXSSClean($val); } } return $cleanData; } }
Fatal error: Class 'PMF_Init' not found in /home/srsaus/public_html/phpfaq/index.php on line 45
FAQs not displayed after update
Moderator: Thorsten
Re: FAQs not displayed after update
Hi,
from which version did you updated? Which PHP version do you use?
bye
Thorsten
from which version did you updated? Which PHP version do you use?
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: FAQs not displayed after update
PHP version is 5.2.9 (I am using BlueHost as service provider) and upgrade was from phpMyFAQ 2.0.17
- Wajeeh
- Wajeeh