I found out yesterday that the hosting company for my brothers site, Network Solutions, made a change on their servers and now the site is inaccessable. All I get is an error message saying

"PAGE NOT FOUND

We cannot locate the page you're looking for. Please check the address and make sure all letters are lowercased with no spaces. You may also move to a different page by using the links in the menu bar above. "

The site ishttp://www.bpbows.com .

I called their tech support and their answer was to send me an email saying that the issue is closed and the following snippet of instructions:

"If you are currently running the PHP or server-side variables listed below on your Network Solutions® Web Hosting package, please review the instructions below to update your code. If you do not use these specific variables, you will not be affected by this update and no action is needed.

<pre>
Variables: Replace with:

PHP_SELF REQUEST_URI
Options Indexes Please use “+” or “-“ before your Options. For example, “Options -Indexes" or "Options +Indexes"
</pre>
I called them again and they agreed that they should figure out where it needs to be changed and correct it. We'll see, I don't have much faith in them personally. So my question is, where would this change need to happen? What do I need to do to fix it?

Thanks;

Curt

Ok first of all, Can a moderator please change the link he has given as it contains information that no ones needs to see.

Second.

I am unclear as to what should be changed with what? Your example doesn't give any real reference to which php globals should be changed with? or maybe I am missing the point here.

The only thing I could think of is with globals such as $HTTP_SERVER_VARS['PHP_SELF'] to $_SERVER['PHP_SELF'] and
$HTTP_SERVER_VARS['REQUEST_URI'] to $_SERVER['REQUEST_URI']?

Php treats these globals differently and thus thats where the problem lays.

Use a program like powergrep to do a mass replace of these two on your scripts.

Hope that helps.

Catz

Quote:

That's my point. The hosting company only gave me that little bit of a hint to work with. I am not in any way shape or form a php guru, so I have no idea where to begin, nor how many places these changes would have to take place. If I just dive into it, I'm sure I'll break it.

The way it ended up posting, because the pre tag was ignored in the post, it's a little unclear. Basically they are saying to replace the variable PHP_SELF with REQUEST_URI. That and the clue about options, "Options Indexes Please use “+” or “-“ before your Options" are the only info they gave me.

Thanks;

Curt

ps - Why does the pre tag work in preview but not in the post?

Quote:
You need to use 'quote' tags if you want to mono-space text in a post.

Quote:

Ok, I think I better understand now :)

Do a search for

$HTTP_SERVER_VARS['REQUEST_URI'] and $_SERVER['REQUEST_URI']

And replace them with:

$_SERVER['PHP_SELF']


I think the Options Indexes refer to htaccess files. if you are unsure as to which you should use, do a google on this subject (ie what options you have in your htaccess file.

Hope that helps?

Catz

I believe (but cannot confirm) that '$PHP_SELF' will not work in a PHP script without 'register_globals' being 'on' in the server config. If your host has upgraded their system and turned globals 'off' that may explain their cryptic comment about replacing this function with '$_SERVER['REQUEST_URI']'?

You didn't mention XOOPS as being the problem in your post, but I run XOOPS on a Linux server with globals off without any issues.

Side note: Since $_SERVER['REQUEST_URI'] contains the URL from the browser's address line, it is therefore an attack vector for malicious users (ie: it is something the user has control over). So if you have any custom code in your site, you should be sure to escape $_SERVER['REQUEST_URI'] when using it in your code. ie:



Otherwise, your site is open to an XSS attack.

--Julian

I do know from experience that $_SERVER['REQUEST_URI'] doesn't work at all on IIS. I believe you need to use $_SERVER['SCRIPT_NAME'] or (globals permitting) $_SERVER['PHP_SELF'] if you want your application to run on both Apache and Windows servers.

I took for granted that you would realize that the site is a XOOPS site. Why else would I post here? I'm using the XOOPS 2.2 branch. Have been for a couple of years. I believe, if my memory is correct is that it is 2.2.4 version. It's running on a linux server at Network Solutions. I have various modules installed including zen cart, archcontact, poll, counter, protector, etc. The following is the entire email I received from them.


-------- Original Message --------
Subject:
Network Solutions Service Request #1-2xxxxxx
Date:
Wed, 11 Apr 2007 11:24:43 -0400
From:
CustServ <siebelcustserv@networksolutions.com>
To:
<xxxxx@bresnan.net>



Dear xxxxxxxxxx,

Thank you for contacting Network Solutions. We are committed to creating the best customer experience possible. One of the first ways we can demonstrate our commitment to this goal is to quickly and efficiently handle your recent request.

The issue you reported to Network Solutions on 4/10/2007 07:04:49 PM and assigned Service Request 1-xxxxxxxxx has been completed and closed.
Network Solutions implemented an upgrade to our servers over the past weekend to enhance the security of all of our hosted Web sites. We are now using Apache® Version 2.2.
If you are currently running the PHP or server-side variables listed below on your Network Solutions® Web Hosting package, please review the instructions below to update your code. If you do not use these specific variables, you will not be affected by this update and no action is needed.
Variables: Replace with:
PHP_SELF REQUEST_URI
Options Indexes Please use “+” or “-“ before your Options. For example, “Options -Indexes" or "Options +Indexes"

We recommend you make these changes to your code as soon as possible to improve the security and efficiency of your Web sites.

We apologize for any inconvenience.

Thank you for choosing Network Solutions.

Sincerely,

KEVIN024
Net Solutions Specialist
Network Solutions
hosting@networksolutions.com
-------------------------------------------


I do not know if they have turned 'register_globals' off or not. All I know is the above. Their note does not tell me where I would need to make the changes. If I have to change something on each page, that would be a hell of a lot of pages to modify. Is there some place where a global setting can be changed?

Thanks;

Curt