I am helping a small organization upgrade their Joomla install, they currently are running version 1.5.26. To test an upgrade I moved the site to my host at bagd.michaeldacre.com - you can't see that page now as it is password protected.
The port mostly went fine, I used ftp to copy all of the files, and I dumped and moved the database. The site works exactly the same as on the live site, except that some raw php code - that I can find in any source file using grep - keeps being displayed at the top of various pages. Oddly, all of the content is being displayed fine otherwise - so the php is being executed, and the database is accessible.
What is being displayed is raw php, specifically, what is being displayed is the following:
Code: Select all
* @GNU General Public License */ // no direct access defined('_JEXEC') or die('Restricted access'); // register the handler $mainframe->registerEvent( 'onPrepareContent', 'plgInsertHTMLEditorButton' ); function plgInsertHTMLEditorButton( &$row, &$params, $page ) { global $mainframe; $pattern = '/\{HTML\}(.*?)\{\/HTML\}/i'; // match {HTML}...{/HTML} case no sensitive, execute php in string replace // Security $acl =& JFactory::getACL(); if( $acl->getAroGroup($row->created_by)->id >= 23 || $acl->getAroGroup($row->modified_by)->id >= 23 ) $row->text = preg_replace_callback( $pattern, 'IHEBP_decodehtmlspecialchars', $row->text ); } function IHEBP_decodehtmlspecialchars( $match ) { $match[1] = str_ireplace( "
", "\n", $match[1] ); $match[1] = str_replace( array("<",">"), array("<",">"), $match[1] ); $match[1] = str_replace( array("{apos}","{quot}","{amp}"), array("'","\"","&"), $match[1] ); return $match[1]; }
For reference, in the php.ini the following flags are set:
Code: Select all
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
Code: Select all
display_errors = Off
Also, I don't have any problems with my other sites, e.g. my wordpress site michaeldacre.com, which is hosted on exactly the same server.
I use nginx as the front end for all my sites, which then pass the entire request back the httpd, and the php is parsed by php-fpm, although the problem is exactly the same with the plain old apache php module.
The relevant config files are here:
nginx site config file:
Code: Select all
# This is the configuration file for the bagd clone
#
server {
listen 199.30.59.17:80;
server_name bagd.michaeldacre.com;
server_name_in_redirect off;
access_log /var/log/nginx/bagd.access_log;
error_log /var/log/nginx/bagd.error_log;
root /srv/http/bagd;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
Code: Select all
<VirtualHost 127.0.0.1:8080>
ServerAdmin [email protected]
DocumentRoot "/srv/http/bagd"
ServerName bagd.michaeldacre.com
ErrorLog "/var/log/httpd/bagd.com-error_log"
CustomLog "/var/log/httpd/bagd.com-access_log" common
<Directory /srv/http/bagd/>
DirectoryIndex index.php index.html index.htm
Options +FollowSymLinks -Indexes
AllowOverride All
AuthUserFile /srv/http/bagd_passwords
AuthType Basic
AuthName "BAGD Test Site"
Require valid-user
</Directory>
</VirtualHost>
Code: Select all
LoadModule proxy_handler_module modules/mod_proxy_handler.so
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
Code: Select all
[Fri Jun 20 15:20:53.948134 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.948449 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.948668 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.949100 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.949502 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.949620 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.949690 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:53.949963 2014] [:error] [pid 16093] [client 127.0.0.1:55797] PHP Notice: Undefined variable: r3d_tmpfinalclass in /srv/http/bagd/modules/mod_maximenu_CK/tmpl/default.php on line 60, referer: http://bagd.michaeldacre.com/
[Fri Jun 20 15:20:54.313553 2014] [core:info] [pid 16095] [client 127.0.0.1:55799] AH00128: File does not exist: /srv/http/bagd/modules/mod_maximenu_CK/themes/questbridge/images/fond_bg.png, referer: http://bagd.michaeldacre.com/scope/why-scope
[Fri Jun 20 15:20:54.313630 2014] [access_compat:error] [pid 16095] [client 127.0.0.1:55799] AH01797: client denied by server configuration: /usr/share/httpd/error/HTTP_NOT_FOUND.html.var, referer: http://bagd.michaeldacre.com/scope/why-scope