GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Unable to add cookies, header already sent. (https://gfy.com/showthread.php?t=532829)

brand0n 10-26-2005 06:14 PM
Unable to add cookies, header already sent.
 
Unable to add cookies, header already sent.
File: /usr/home/sites/www.gfy.com/htdocs/includes/functions_showthread.php(640) : eval()'d code
Line: 20

odd error eh?

phpslave 10-26-2005 07:43 PM
kinda, header errors normally arn't worded just like that. Usually the php error will say something along the lines of unable to modifiy headers, but it looks like someone has put some error handling in checking with headers_sent().

Here is the problem:
somewhere in the code before the cookie was set with one of the following;
PHP Code:
setcookie(); 
or
PHP Code:
header('Set-Cookie: ...... 
it sent something to the client, it can be anything that goes to the client, anything at all, a blank line at the start of a page, end of a file any html anything. You can't write to the headers on a clients system after you've already started sending information (already sent the headers). Generally this isn't a big issue to fix. ;-)

btw:
eval() - this shouldn't be used, this usually can lead to security issues depending on how it is handled. Eval takes input and runs it as php code, all types of things can happen here, one example if remote fopen is on in the php.ini and eval accepts a variable, it could be possiable to execute code on one server on another server.

eval() in addition to being a possiable security issue, is a preformance hit as well.

:thumbsup

have a good one

phpslave 10-26-2005 07:59 PM
I just got an error as well;

Warning: Unexpected character in input: ' in /usr/home/sites/www.gfy.com/htdocs/showthread.php(1687) : eval()'d code on line 339

wonder if all this eval() code is in vBulletin, or something that has been tacked on.

pornpf69 10-26-2005 08:00 PM
vBulletin is full of bugs...

phpslave 10-26-2005 08:05 PM
It surprises me that vBulletin a commercial product would use eval in their code, seems they could find a more efficiant / secure way to do things. Maybe, they have a good reason, i just can't think of any reason at all though.

:error

phpslave 10-26-2005 08:44 PM
:error
Unexpected character in input: ' ' (ASCII=1) state=2 in .....

Seems to be a big vBulliten error do a google search for it all that shows up is vBulliten boards.

i was able to reproduce the problem, but don't have access to vBulliten code.

PHP Code:
<?php
 file_put_contents('/test.php''<?php'.chr(1));
 ?>
or

PHP Code:
<?php 
eval(chr(1)); 
?>
The problem occurs where lower ascii characters in the php input stream so somewhere in your php file, there is a character (ASCII value of 1) which if you run one of the above samples, will produce;

PHP Warning: Unexpected character in input: 'hahaha9786;' (ASCII=1) state=1 in /var/www/htdocs/test.php on line 1

The Real Question is:
The real question is why are they eval()ing at all, there is no reason to use eval() in production code. just about the only legitimate use of eval() is making mock objects for testing.

they being vBulletin

CS-Jay 10-26-2005 08:53 PM
Did they do an update? Because I'm not gettin that error at all...


All times are GMT -7. The time now is 06:30 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123