Which right do i have to give IIS_WPG on windows 2003 r2

All about webserver configurations, PHP and databases.

Moderator: Thorsten

Post Reply
nomukrt
Posts: 2
Joined: Thu Nov 09, 2006 3:07 pm

Which right do i have to give IIS_WPG on windows 2003 r2

Post by nomukrt »

Hello i installed a iis 6.0 on windows 2003 server r2 and configured it with php and isapi so i can just see the infos from the phpinfo.php. So far so good i have i working webserver with php support and so i started to install phpMyFAQ all seem to be right i can make categories and i can create questions but when i right the text into the editor control and i save .the text which i entered in the editor control wouldn't appear the next time i opened that faq. So i think the IIS_WPG user needs some rights to write to file or that? Has anybody i fully working installtion with iis 6.0 and php5 and phpMyFAQ1.6.6 :?:
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Re: Which right do i have to give IIS_WPG on windows 2003 r2

Post by matteo »

Hi,
nomukrt wrote:Hello i installed a iis 6.0 on windows 2003 server r2 and configured it with php and isapi so i can just see the infos from the phpinfo.php. So far so good i have i working webserver with php support and so i started to install phpMyFAQ all seem to be right i can make categories and i can create questions but when i right the text into the editor control and i save .the text which i entered in the editor control wouldn't appear the next time i opened that faq. So i think the IIS_WPG user needs some rights to write to file or that?
it needs simply the right to write on DB, nothing more. Which DB are you using?
nomukrt wrote:Has anybody i fully working installtion with iis 6.0 and php5 and phpMyFAQ1.6.6 :?:
I'm running PMF on IIS 5.0 and PHP 5.1.6/4.4.4/4.3.5, with MySQL 4.1.20, MSDE 2000, MS SQL 2000 SP4. I could test PMF on IIS 6.0 but I think that the issue is not related to IIS: you could check if your IIS 6.0 is preventing the load of some files looking at 404 errors in your log file but the WYSIWYG editor simply uses some .js files and this extension is enabled by default even on IIS 6.0.
At least the text could be truncated: read here.

My suggestions are:
  1. Post here the PMF backend homepage sections phpMyFAQ Information and System Information;
  2. Check for any strange error in your log files, both PHP ones and 404s;
  3. Check with the Metabase Explorer (IIS SDK) for any too small limit in HTTP POST size (AspMaxRequestEntityAllowed);
  4. Drop an eye to faqdata table where the content should be stored if it is not empty.
Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
nomukrt
Posts: 2
Joined: Thu Nov 09, 2006 3:07 pm

It seems to be a character/encoding problem

Post by nomukrt »

Hello,
i have just tested a few scenarios and now i can reproduce the error: if i write the following text in the editor-control:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."

Lösung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:

@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"

Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging

anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
then nothing of the text will be saved.
if i paste the follwing text into the editorcontrol:
Wie fixt man den Fehler:Beim Starten des zentralen Programms "HP Director" erscheint die Meldung "Visual C++ Runtime Error ..."

Loesung: lokales Loginscript namens LocalLogon.cmd mit folgendem Inhalt anlegen:

@echo off
%SystemRoot%\system32\xcopy.exe /I /S /Y "%CommonProgramFiles%\ZDV\Hewlett-Packard" "%APPDATA%\Hewlett-Packard"

Verzeichnis %CommonProgramFiles%\ZDV\Hewlett-Packard\Digital Imaging

anlegen mit folgenden Dateien als Daten devices.xml, settings.xml
the complete text is saved and all is working very fine. So i think the character ö is the reason for the fault.

My System
phpMyFAQ Version phpMyFAQ 1.6.6
Server Software Microsoft-IIS/6.0
PHP Version PHP 5.2.0
Register Globals off
Safe Mode off
Database Client Version 5.0.22
Database Server Version 5.0.27-community-nt
Webserver Interface ISAPI
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Re: It seems to be a character/encoding problem

Post by matteo »

Hi,
nomukrt wrote:So i think the character ö is the reason for the fault.

My System
phpMyFAQ Version phpMyFAQ 1.6.6
Server Software Microsoft-IIS/6.0
PHP Version PHP 5.2.0
Register Globals off
Safe Mode off
Database Client Version 5.0.22
Database Server Version 5.0.27-community-nt
Webserver Interface ISAPI
thanks for your effort in finding out what's causing the issue in your system: we'll look at it building a similar environment, at least MySQL 5.0.22 and PHP 5.2.0.

Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

The issue is related to PHP 5.2.0 and our PMF_Init::basicXSS

Post by matteo »

Hi,
the issue is related only on adopting PHP 5.2.0 (nothing with IIS 6.0 or Windows) 'cause something changed (it seems not related with the new filters) in 5.2.0 is now breaking the RegExps in our PMF_Init::basicXSS.
In the mean time, waiting for a fix on PMF, you could replace that method in inc/Init.php with this below:

Code: Select all

    function basicXSSClean($string)
    {
        if (strpos($string, '\0') !== false) {
            return null;
        }
         if (get_magic_quotes_gpc()) {
                 $string = stripslashes($string);
         }
    	$string = str_replace(array("&","<",">"),array("&amp;","&lt;","&gt;",),$string);

    	// Drop the regexps waiting for QA/Fix using PHP 5.2.0

    	//remove really unwanted tags
    	do {
    		$oldstring = $string;
    		$string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
    	} while ($oldstring != $string);
    	return $string;
    }
It's a safe workaround if your server is not public.

Stay tuned,
Matteo

EDIT: From the PHP changelog:
Updated PCRE to version 6.7. (Ilia)
Last edited by matteo on Sat Nov 18, 2006 1:17 am, edited 1 time in total.
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
calande
Posts: 70
Joined: Sat Sep 02, 2006 7:01 am

Post by calande »

Ooops... This didn't work...It adds 7 backslashes in front of each single quote. Ie:

Code: Select all

I don't => I don\\\\\\\'t
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi,
I cannot actually test it 'till Monday but here are some more notes. From:
  1. Bug #39405 regular expression breaking on strings >= 24999 characters;
  2. NEW PCRE Configuration Options:
    pcre.backtrack_limit = 100000
    pcre.recursion_limit = 100000
it seems that:

Code: Select all

pcre.backtrack_limit = -1
in php.ini should fix it or at least this should avoid another possible issue on PMF when running under PHP 5.2.0.

Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi,
calande wrote:Ooops... This didn't work...It adds 7 backslashes in front of each single quote. Ie:

Code: Select all

I don't => I don\\\\\\\'t
that's 'cause in the previous post (just fixed now) I missed this piece of code:

Code: Select all

         if (get_magic_quotes_gpc()) {
                 $string = stripslashes($string);
         }
and you have magic quotes on.

Question: could you recover the original function and test if setting pcre.backtrack_limit to -1 solves the issue?

Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi,
matteo wrote:it seems that:

Code: Select all

pcre.backtrack_limit = -1
in php.ini should fix it or at least this should avoid another possible issue on PMF when running under PHP 5.2.0.
here is an update on the debug progress: I can confirm that the new 2 params, introduced with 5.2.0, optionally trigger another kind of issue.

The current issue, coming ONLY when running PHP 5.2.0 for a PMF server, is that the PCRE_UTF8, u, seems to work no longer:
that's the reason why I've suggested to temporarly remove each of the preg_replace calls IF/WHEN they contains the PCRE_UTF8 modifier.

Stay tuned,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi all,
here is a working (BUT not the final) version of the PMF_Init::basicXSSClean static method:

Code: Select all

    function basicXSSClean($string)
    {
        global $PMF_LANG;

        if (strpos($string, '\0') !== false) {
            return null;
        }
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        $string = str_replace(array("&","<",">"),array("&amp;","&lt;","&gt;",),$string);

        $string = mb_convert_encoding($string, 'utf-8', $PMF_LANG["metaCharset"]);
        // fix &entitiy\n;
        $string = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"$1;",$string);
        $string = preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"$1$2;",$string);
        $string = html_entity_decode($string, ENT_COMPAT);
        // remove any attribute starting with "on" or xmlns
        $string = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
        // remove javascript: and vbscript: protocol
        $string = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
        $string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
        //<span style="width: expression(alert('Ping!'));"></span>
        // only works in ie...
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iUu',"$1>",$string);
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iUu',"$1>",$string);
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
        //remove namespaced elements (we do not need them...)
        $string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);
        //remove really unwanted tags
        do {
            $oldstring = $string;
            $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
        } while ($oldstring != $string);

        $string = mb_convert_encoding($string, $PMF_LANG["metaCharset"], 'utf-8');
        return $string;
    }
What it seems to be changed with PHP 5.2.0 is that the PCRE_UTF8 modifier needs each char to be UTF-8 encoded.

Next step will be an analysis to see if any of the "utf-8 regexps" could run without PCRE_UTF8 modifier.

Stay tuned,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
matteo
Posts: 572
Joined: Sun Nov 20, 2005 6:53 pm
Location: Italy

Post by matteo »

Hi all,
the issue has been fixed since few minutes into CVS both for 1.6.7-dev and 2.0.0-beta.

Ciao,
Matteo
phpMyFAQ QA / Developer
Amazon.co.uk Wishlist
Post Reply