|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11839 hack? following is a discussion of the hack...... Is PHP the problem?????????
Submitted: 2001-07-02 12:13 UTC Modified: 2001-07-05 08:29 UTC
From: mlidd at jhu dot edu Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 4.0.6 OS: linux (redhat7.1)
Private report: No CVE-ID: None
 [2001-07-02 12:13 UTC] mlidd at jhu dot edu
To: B?rd Farstad <>
Subject: Re: FYI:more the funny problem

I use REDHAT 7.1 and whatever comes with it plus what needs to be loaded for eZPublish.

Everything works correctly on my test server: the browser (netscape 4.7+) displays the ad ok.  The client test machine in a win98 2nd ed with netscape and IE.  (I originally tested the client on the win machine so I could if IE displayed the site correctly.) Both browsers display the "problem" on the client machine.  So I don't think the problem on the client side.  It is not eZpublish.  So it has to be in the apache or the apache modules.  My guess is that it is in the PHP module. 

I tried one other case: I copied the print line in ezadlist and put it AFTER the ?> line WITHOUT the  print function name, the  (, ), and the ; .  The html was still commented out only on the remote browser.  I could have snooped (tcpdump on linux) the server output, but since I got in a  workaround, I figured I just wait until I had time to look into the PHP code.

Since you've been so helpfull :) I thought I'd let you know about the "joke" so you weren't caught unaware..

I am forwarding this mail exchange to the PHP group.  OK?


To: B?rd Farstad <>
Subject: Re: FYI:more the funny problem

Ah now you ARE getting it.  ezad doesn't do it, the php apache module does it.

any html tag "<something ... /something>" with the /ad/ string gets commented out (<--! before  and !--> after) that gets sent to a remote client.

As I said if you changed the adlist to:
print  "<a target=\"_blank\" href=\"/";
print "a";
print "d";
print ("goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

it still wouldn't work so it MUST be done in the PHP module.

print( "<a target=\"_blank\" href=\"/add/goto/$adID/\"><img src=\"$imgSRC\" width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" );

works fine as long as you do a softlink from /ezad to /ezadd. (notice I changed the /ad/ to /add/)

great huh, 

watch out for it.  Again I noticed this in php 4.0.6  I didn't test a remote client when I used php 4.0.5

At 04:27 PM 7/2/01 +0200, you wrote:
Hi Mark,

I don't understand how the eZ ad module can do this.. All it does is print a 
link with image like this:

print( "<a target=\"_blank\" href=\"/ad/goto/$adID/\"><img src=\"$imgSRC\" 
width=\"$imgWidth\" height=\"$imgHeight\" border=\"0\" alt=\"\" /></a><br />" 

Have I misunderstood something?

B?rd Farstad
Systems developer | |

To: B?rd Farstad <>
Subject: Re: FYI:more the the funny problem


On the server, when I use the netscape client to view the "page source",  I see the correct HTML for the banner ad.  On a client,  with netscape (or IE) when I view the SAME PAGE source, I see the HTML line for the banner ad commented out.

I ran the following test: When I output anything with the 4 character string /ad/ , the html gets commented out.  I tested this with print and echo.  I also used several print statements outputing a letter at a time. The result is the same: the html with /ad/ ONLY when going to the client on another computer is commented out.

This is using php 4.0.6  that I downloaded from site from the download link

and compiled myself.  I gave up looking for the module, figuring that a later PHP version won't have it.  My workaround is to change the line in adlist.php from /ad/ to /add/ and to put a softlink from ezad to ezadd.

Pretty conclusive to me.  watch for it.  PHP 4.x has a single point that all the output goes through.  My guess is that the malicious code is there.  In my PHP 4.0.6 distribution anyway.


 At 09:10 AM 7/2/01 +0200, you wrote:

not sure what problems you are having with the banner ads. They're not 
dependant on the host viewing the page. If you're using the current CVS then 
expect the code not to work (right now).

I've got a few things to fix in ezcalendargroup edit and then I'm done.  Everything is pretty slick.  I'll spend a day or so adding some content and should be on the net by wednesday at the earliest and monday at the latest.  After you get a chance to look at my site, I'll send you the code.


B?rd Farstad
Systems developer | |

On Saturday 30 June 2001 21:16, you wrote:
> Sorry if I thought it was "you"  I think it is somewhere in the PHP code (I
> use 4.0.6).
> I'll spend another hour or so on it today.  Pretty funny if you think about
> it.   A person gets their stuff working and then puts it on the net only to
> find out sometime later that the banner ads never got displayed elsewhere,
> only on their development machine.  I will find it.  I don't feel spending
> my processor $$ on searching for the banner string.
> The calendar code is coming along nicely.   I just fixing a few minor
> problems.  I intend to get restarted on getting the production machine on
> the network.
> I think the I don't if you guys put it in the code or not but there is a
> problem.   The work-around is pretty simple.
> It seems that the html is post-processed somewhere looking for the banner
> code.  When the client is on another computer the banner code is commented
> out.  So the user doesn't see the banner ad.  First I thought the print
> function was redefined, but that's not it.
> Is this something you guys did as a hack?
> Mark


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-02 12:39 UTC]
Can you please summarize this?

 [2001-07-05 08:29 UTC]
It was a problem with Norton programs.

PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue May 17 15:03:34 2022 UTC