I'll preface this by saying I think my issue has to do with PHP but perhaps figuring out what's going on in the functions-basic.php page might help me resolve it.
What's happening (long and detailed):
I've been having this issue with my personal site where it wouldn't load. (Old version of the site was just a blank page - new version is just a "The connection was reset" error - more details on this below)
If I browse directly to an image - the image will load. I can also FTP and SSH in no problems...everything is there. Once I restart Apache the site is fine again - nothing is lost and it was like nothing ever happened. When this happens, it only happens to my personal site...and ONLY to the "www" domain - all sub-domains always work fine (more on that later) No other sites on my server (9 total) have this issue either. Several of them use zen also. I've also checked server load when this happens and nothing abnormal there either.
It's a fairly large site with tons of pics and vids and content so I just thought something was going wacky with the database or the version of zen I was using. As such, I started to build a new site. I got everything going in a new sub-domain (dev). Latest version of zen at the time (1.4.1.2), new database and everything. I didn't want to import any old content just in case something was screwy with the database.
Fast forward several weeks - I now have a working beta site that's completely designed and I am now loading content. It's a fully functional site though. Well, I get this issue with my main site (www) not loading once again. Now that I have a beta site I decide to see what's going on with that...well it loads fine. No issues. And again no issues with the other sites on the server either.
Again if I restart apache all is fine.
Fast forward to going live with the new version of my site. Everything goes well and I'm up and running in no time. The old site now resides under the "dev" sub-domain just in case I missed something or need to revert back for whatever reason. Again all is well. Fast forward again a month or so and now the NEW site isn't loading...this time the error is slightly different - it's a "The connection was reset" error compared to just a blank empty page like before. I can still browse to display an image and also a standard html page loads fine...
NOW, here's the strange thing...when I browse to the old site (that was originally giving me issues and now resides in the "dev" sub-directory) it loads perfectly fine! No issues. And once again all the other sites on the server load fine. I've since added another subdomain to my site for my wifes recipes and that loads fine too using zen of course). And once again restarting Apache gets the site back up instantly...
Entire error:
ALERT - canary mismatch on efree() - heap overflow detected (attacker 'XX.XXX.XXX.XXX', file 'zp-core/template-functions.php', line 810
Like I said research says it's possible something to do with PHP but it's always related to functions-basic.php line 810.
Everything in that area of the page is below:
/** returns a sanitized string for the sanitize function
*
@param string $input_string
*
@param string $sanitize_level
*
@return string the sanitized string.
*/
function sanitize_string($input_string, $sanitize_level) {
global $_user_tags, $_style_tags;
// Strip slashes if get_magic_quotes_gpc is enabled.
if (get_magic_quotes_gpc()) {
$input_string = stripslashes($input_string);
}
// Basic sanitation.
if ($sanitize_level === 0) {
return str_replace(chr(0), " ", $input_string);
}
// User specified sanititation.
if (function_exists('kses')) {
switch($sanitize_level) {
case 1:
$allowed_tags = getAllowedTags('allowed_tags');
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
// Text formatting sanititation.
case 2:
$allowed_tags = getAllowedTags('style_tags');
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
// Full sanitation. Strips all code.
case 3:
$allowed_tags = array();
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
}
} else { // in a basic environment--allow NO HTML tags.
$input_string = strip_tags($input_string);
}
return $input_string;
}
Line 810 specifically is:
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
So I guess my question is what is going on with kses - it seems to only error every several weeks or so. I haven't been able to figure out what triggers it but perhaps someone with fresh eyes will be able to help.
Thanks,
Mike
Zenphoto
Comments
But mostly invalid folder name errors...but I removed the folder in question so that's not it...especially because that was after the canary mismatch thing we are talking about here. Nothing matches up date wise with the error I'm experiencing either...but these are the other errors...just several spoof attempts...
{Mon, 16 Apr 2012 02:06:32 GMT}
Backtrace: Zenphoto encountered an album name spoof attempt: My-Car-Pics/Tyler-State-Park=IMG_8857.jpg=>My-Car-Pics/Tyler-State-Parkâ„‘=IMG_8857.jpg.
Album->Album called
from zp_load_album (functions-controller.php [316])
from zp_load_request (functions-controller.php [520])
from require_once (controller.php [38])
from index.php [55]
I'm going to clear the file and start fresh to see if I can see anything the next time I have the issue...
Always open to other suggestions...I'm glad it's only happening with my site and no clients sites but still would like to figure it out.
Much appreciated,
Mike
If I Google your error I get lots of results all telling me it's a bug in some Suhosin patch.
I'm open to suggestions...lol
Thanks
Since I cleared the logs no errors yet...
Thanks so far guys.
I do see "Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.23 with Suhosin-Patch"
and some other Suhosin references...let's see what I can figure out
kses again at line 4538:
$short2 = kses($short.'</p>', $allowed_tags);
The entire block of code...
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator=false) {
global $_user_tags;
if ($forceindicator || (mb_strlen($articlecontent) > $shorten)) {
$allowed_tags = getAllowedTags('allowed_tags');
$short = mb_substr($articlecontent, 0, $shorten);
$short2 = kses($short.'</p>', $allowed_tags);
if (($l2 = mb_strlen($short2)) < $shorten) {
$c = 0;
$l1 = $shorten;
$delta = $shorten-$l2;
while ($l2 < $shorten && $c++ < 5) {
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$l1 = mb_strpos($articlecontent,'>',$l1+1)+$delta;
} else {
$l1 = $l1 + $delta;
}
$short = mb_substr($articlecontent, 0, $l1);
$short2 = kses($short.'</p>', $allowed_tags);
$l2 = mb_strlen($short2);
}
$shorten = $l1;
}
$short = truncate_string($articlecontent, $shorten, '');
// drop open tag strings
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$short = mb_substr($short, 0, $open);
}
// drop unbalanced tags
// insert the elipsis
$i = strrpos($short, '</p>');
if (($i !== false) && ($i == mb_strlen($short) - 4)) {
$short = mb_substr($short, 0, -4).' '.$shortenindicator.'</p>';
} else {
$short .= ' '.$shortenindicator;
}
$short = trim(kses($short.'</p>', $allowed_tags));
return $short;
}
return $articlecontent;
}
What's the deal with kses - what exactly does it do and when does it do it? Can it be disabled?
Very frustrating...any other help to diagnose this would be grateful.
I tried a bunch of other server things like disabling Suhosin and other things related to that but nothing has helped...
Ultimately I know it's a server thing - but it's also somehow related to something ZP is doing on my site specifically...as mentioned I have other ZP installs with NO issues.
EDIT: I'm wondering if it has something to do when I get a comment? Comments go right into moderation because I get a bit of spam...No other sites are using comments??????
Thanks,
Mike
http://sourceforge.net/projects/kses
We'll see what happens. Thanks
In addition, we did use the kses function to "balance" html tags when we shortened content--this is the use you have above. The new kses did not do this, so we also had to chnage not to use kses for this purpose. Right off hand I think that this fix did not make it in the released version of 1.4.3, so would require the nightly build.
So, the recommendation is for you to upgrade to the nightly build.
None-the-less, the upgrade went fine - but I'm now experiencing an unrelated bug (I think) - should I post elsewhere or do something different?
The bug:
(it appears when adding a link to a zenpage page, if the link contains an ampersand (&), such as in a query string, or in the "title" it doesn't display as a link - just text. A plain link works fine.)
But we are so far not able to reproduce this. I tested including links to a page and an article via tinyZenpage and all works as expected (link is on that ticket). What is not right for you. Please post details and best a link.
However, if I copy the entire page to a new page - it still doesn't work but if I copy just the link to a new page it works...weird...
Link on homepage is fine:
http://www.mikemartinelli.com/
The link is:
Dynomax VT REVIEW!
But that same link on another page is just showing as text:
http://www.mikemartinelli.com/index.php?p=pages&title=ascmclaren-information
Same text:
Dynomax VT REVIEW
(towards bottom)
This page is all messed up - links and images:
http://www.mikemartinelli.com/index.php?p=pages&title=DadsLx5.0
Can i go directly into the DB to fix things?
Do I just delete them from the database then re-create in ZP? Or is there something else I need to do in the DB?
Thanks,
Mike