I am using drupal 4.6.5. My host provider is not permitted use file() funtion in php scritp, so I have to use cURL.
If I use this script in one file out of drupal (http://pruebas.vivencias.net/index.php) all working fine:
<?php
$location = 'http://www.kernel.org/kdist/finger_banner';
$ch = curl_init();
$timeout = 5; // set to zero for no timeout
curl_setopt ($ch, CURLOPT_URL, $location);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$source = curl_exec($ch);
curl_close($ch);
$lines = array();
$lines = explode("\n", $source);
echo " ************** <br />";
// display file line by line
foreach($lines as $line_num => $line) {
echo "Line # {$line_num} : ".htmlspecialchars($line)."<br />\n";
}
?>
But if I try using it into a node content I get this error:
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
I think that it is strange... why is this code working fine into a index.php and doesn't into drupal content?
I have look into this, and I have tested that the error is just getting when the line "$source = curl_exec($ch);" appears in the script. And all working fine if the "exec" word it isn't in the code. I have check this in all type of nodes (filter html, php code, full html) and WHEN THE WORD "EXEC" is written into them I get the same error: "Service Temporarily..."
I think that is a problem of drupal because when the script is alone in one file the server works fine... ¿?
I have looked for it in google, in drupal forums, etc. but I don't find something that can help me.
Could you help me?
If someone wants to check it, I can create one account for him in my site (http://godest.vivencias.net).
Thanks.
Comments
You might check with you
You might check with you hoster on this. I have had the same thing happen when running phpBB with a mod. Some of the code would not run because they had set up some sort of filter on all PHP code. I had it fixed by informing them and they made some adjustment to the filter script.
Me too
I get the same error when trying to add some CURL code to a block.
I'm hosted at Dreamhost.
mod_security?
Perhaps your host uses mod_security. Best to ask them, why you get this error.
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
Yes mod_security
I just saw the issue you created: http://drupal.org/node/53874. So mod_security it is. Contact your host to resolve the problem.
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
works other places
If i take the exact same php CURL code and put it in it's own page, completly removed from Drupal, it works fine. Could it work in one place and not in Drupal and still be a mod_security problem?
mod_security & POST
mod_security works (in this case) on data that's POSTed back to the website. If you put code in it's own page (file?) on the server and hence isn't posted, mod_security won't interfere.
See for more information http://www.modsecurity.org/
edited to add: a module for drupal would probably do the trick.
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
does a block make a POST?
I haven't been with Drupal long enough to know...
How is Drupal making a POST by putting the curl code in a block? And why would putting the curl'ed code in a module make a difference? Thanks for helping the newb.
The moment you fill in a textarea and press submit
The moment you fill in a textarea and press submit, mod_security takes a look at what gets submitted. This happens when you submit a node (story, page etc), block or anything else. (mod_security also checks headers, user agents and sometimes even output, but these are not a problem in your case).
A module is a file located on the server, used by Drupal and shouldn't be subject to mod_security checks.
False positives are not uncommon. From modsecurity.org:
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
Oh, duh
I get it now. I wasn't even thinking of how to actually submit the data. I get what you're saying now about the POST. I was POSTing the data when I submitted the block. I think I'm going to try to update the block by hand in the database and see what happens.
Well, Heine, I finally
Well, Heine, I finally figured it out. It finally clicked that mod_security (or 'Extra Web Security' as Dreamhost calls it) fires when I submit data, through Drupal, to my database. I wanted to get this to work so...
I created a dummy PHP block. Then I tried to use phpMyAdmin to update the data in the database to the CURL code. No dice, since Dreamhost is using mod_security on the phpMyAdmin installation.
So, godo, I ended up getting it to work by using my shell access to the database using mysql's command line interface to update the body field in {blocks} to the php code I wanted in the block.
However, I must add the big uhh-ohh I discovered while doing this. I was trying to use this php code in a block that was on every page. When I updated the block in the database I used the wrong URL, which is in my drupal path. I said http://www.example.com/gallery/blah when I meant to say http://www.example.com/gallery2/blah.
So when I loaded the page, the block tried to load, but the block was trying to load the wrong URL. Drupal was intercepting the wrong URL and trying to load the 'Page not found' which included the offending block, which tried to load the block, whick tried to load the 'Page not found' page ... ad infinitum. So, in essence, I had denial of serviced myself. I couldn't get to my website at ALL for about 20 minutes. I'm assuming Dreamhost finally killed something. Don't do what I did :)
I use DreamHost too, possible solution?
If mod_security is doing it, you can disable that in your panel under "manage domains" on DreamHost.
http://wiki.dreamhost.com/index.php/KB_/_Web_Programming_/_CGI%2C_PHP_%2...
-- Ben // profilefx.com