I have a lot of PHP errors regarding file at err_log.
Some users got the "unable to execute" error twice or more on a page, and there are "exploit try" errors in the Drupal log.

A sample error log dump follows:

----DUMP ERR_LOG------
[client 68.188.216.62] PHP Notice: Undefined property: max_views in /var/www/html/banner_file.php on line 72, referer: http://mysite/node/8301
[client 68.188.216.62] PHP Notice: Undefined property: day_max_views in /var/www/html/banner_file.php on line 78, referer: http://mysite/node/8301
[client 68.188.216.62] PHP Notice: Undefined property: week_max_views in /var/www/html/banner_file.php on line 84, referer: http://mysite/node/8301
[client 68.188.216.62] PHP Notice: Undefined property: html in /var/www/html/banner_file.php on line 98, referer: http://mysite/node/8301
[client 137.205.93.40] PHP Notice: Undefined offset: 3 in /var/www/html/banner_file.php on line 40, referer: http://mysite/node/6794
[client 137.205.93.40] PHP Notice: Undefined offset: 3 in /var/www/html/banner_file.php on line 47, referer:
--------------

Comments

mwudrupal’s picture

I have also tried to debug this group of issues.

First, I found errors in banner_db.php: the $struct is actually indexed first by $tid, but the code in banner_db.php does not follow this. Once you add it, you will get your banner (from the database only), e.g.:

...
$tid = isset($_GET['tid'])? (int)$_GET['tid'] : 0;
...
$max = count($ballot[$tid][$pos]) - 1;
...
$id = $ballot[$tid][$pos][$random];
$banner = $banners[$tid][$id];

Secondly, as to banner_file.php: it seems to have trouble getting $banner->html created. I always get "document.write()", which is blank.

Any ideas about the second issue? Please help!

WebRIPPER’s picture

Actually, the error comes from common.inc, and it's in valid_input_data. It seems that this module is unable to live with the "preg_match("/<\s*(applet|script|object|style" restriction.
Please advise.

BTW - is the first error fixed in head?

wulff’s picture

@mwudrupal: The first issue you describe has been fixed in drupal-4-6 and cvs.

This is probably a file locking issue - please try the latest drupal-4-6 version of banner.module.

wulff’s picture

Status: Active » Closed (fixed)

Closing.