Update 11.1 - PHP code exposed

[Spiral]

isputra, did you compile PHP with the "versioning" option enabled?

Versioning is incompatible with both PHP 5 and Zend Optimizer and will
generate an error message similar to the one you just quoted.

Another way that message can be triggered is if you are calling an
external module or library from your PHP.INI file and the called file
isn't in the search path or doesn't exist.

 

[isputra]

Hi Spiral,

I'm using php 4.4.6 and without versioning enabled.

 

[rgripoll]

After doing this, now my php status give me :

[email protected] [~]# php -v
Failed loading 1: 1: cannot open shared object file: No such file or directory
PHP 4.4.6 (cli) (built: Apr 4 2007 20:14:44)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.2.6, Copyright (c) 1998-2007, by Zend Technologies

What's wrong with this ? Please help me.

I've fixed this problem deleting the line

zend_extension = On

on the file /usr/local/Zend/etc/php.ini

After doing this, zend works ok, don't ask me why.

 

[sheppard]

Zend + PHP Quirks.

I've fixed this problem deleting the line

zend_extension = On

on the file /usr/local/Zend/etc/php.ini

After doing this, zend works ok, don't ask me why.

Same issue here, that fixed it.

 

[dwh2]

Try this

Update to 11.2.2-CURRENT_11673

Go into the php config editor in whm
Go into advanced mode
Save the config.


11.2.2-CURRENT_11673 added some logic to repair any errors in the php.ini.

This is horrendous. This is still a problem 2 months later?
Can't you release an emergency update to the release tree just for the php problem?

Otherwise, how do you handle it? to get 11.2.2 then I need to change my update config to "Current". Which will upgrade an edgy release every night.
If I downgrade it to RELEASE after fixing the problem, won't it downgrade the WHM version next night and revert the php problem??

 

[dwh2]

I may be a bit confused about a couple of things, so let me put it differently. I cannot upgrade to php 5.23 w/o exposing php code to the world.

 

[Spiral]

Updated to 11.1 and now, for some reason I can't fathum, all PHP pages show the HTML only. The PHP code is viewable in browsers' view source, instead of being server-parsed (securiy risk, other than the fact PHP itself not running - so a moot point ). Changes to php.ini ? Any ideas highly appreciated

This simply means that your PHP didn't compile successfully which is fairly
common when setting up PHP and Apache with Cpanel's EasyApache script ....

This is the #1 reason I always compile PHP manually from source and
just leave /scripts/easyapache for Apache compiling only.

It is a lot simpler to compile yourself and you can be sure it is compiled
successfully and correctly for your server.

I may be a bit confused about a couple of things, so let me put it differently. I cannot upgrade to php 5.23 w/o exposing php code to the world.

PHP v5.2.3 changed the CGI binary name from "php" to "php-cgi"

 

[dwh2]

This simply means that your PHP didn't compile successfully which is fairly
common when setting up PHP and Apache with Cpanel's EasyApache script ....

This is the #1 reason I always compile PHP manually from source and
just leave /scripts/easyapache for Apache compiling only.

It is a lot simpler to compile yourself and you can be sure it is compiled
successfully and correctly for your server.


PHP v5.2.3 changed the CGI binary name from "php" to "php-cgi"

Is that why all the code is exposed? How to fix that?
I tried upgrading to the latest WHM but that 11.2 not 11.2.2...and it didn't work.

 

[maggy]

I haven't tried this, but if you want to prevent disclosure of PHP files on Apache 1.x if PHP fails to load, you could put this in your httpd.conf:

<IfModule !mod_php4.c>
    <Files ~ "\.(php|php3|php4|phtml)$">
        Order allow,deny
        Deny from all
        Satisfy All
    </Files>
</IfModule>

What this should do is cause any access to PHP files to return forbidden instead of being disclosed to the user. Obviously this doesn't fix the PHP problem, but it should help you out when trying to keep scripts secure until you can track down the actual problem.

And of course for PHP5 or Apache 2 you will need to tweak this example to the appropriate format.

Try it out and let me know if it works.

 

[absolut]

Confused

Hi,

I'm really confused. Read the hole topic but or my english is really bad and I wasn't able to uderstand what you were saying or I'm just getting stupid !

For what I can see you have similar problems to the one I'm having but not quiet like mine.

I went to Apache Build in WHM and chenged only the php module version (from 4.4.7 to 5.2.3). The build went OK and after the normal time apache takes to build, hpptd started fine and good to go!

But I'm having a extrmly strange problem after building apache in WHM.

Exemple: I have an account with the domain named domain1.com and on the public_html i have a folder with an index.html named folder1.

I can access domain1.com but when I try to access domain1.com/folder1 ie/firefox or (I supose) any other browser asks me if I want to save thefolder1 file (extension .file).

This only ocurs when the link is php related, I mean a script calling for folder1.


Could you plaese help me?

Thanks in advance!

 

[DReade83]

I've never had this problem...

Upgraded a client's site last night and can't see any PHP code in View Source.

 

[absolut]

Well I have that problem, and it's bad because I have coded a new script for a client of mine in php5 and it does not work :|