Looks good now! Unfortunately, I found something else...
Fri Sep 01, 2023 12:57am

Two things actually. Not sure if you wanted directory listing on /blog/includes/ but it's available.

The other one is that includes/footer.php gets stuck in an infinite loop and taxes the server hardcore if you open it directly in the browser or via curl (You can bypass the '406' response with curl by setting the user agent header to something besides curl. Ex: -H 'User-Agent:Mozilla' seemed to work)

  • You weren't supposed to get there - Puckdropper, Thu Aug 31 2023 4:08pm
    But you did! Good thing I didn't trust the client. I've fixed it. I had to not output anything until after I sent a redirect header, so not every message got CSS'd.
    • Looks good now! Unfortunately, I found something else... - Erik_, Fri Sep 01 2023 12:57am
      • The footer is loading the footer for the whole website - Puckdropper, Tue Sep 05 2023 4:41pm
        It's not supposed to be opened alone. Here's the offending line: include "../includes/footer.php"; So when the footer is loaded in the correct place, it drops past /blog/ into / and gets the footer for the website. When loaded in includes/ it bounces down to /blog/ and back up to /blog/includes....
        • Well that's done... - Puckdropper, Sun Sep 10 2023 1:20am
          I had to: define("SETTINGS_STATUS", "Good.", true) instead of define("SETTINGS_STATUS", true, true); because PHP interpreted SETTINGS_STATUS to be true even if it was never set. Something about it not being null or something, I guess.
          • Oh wow, that's an odd quirk to have. - Erik_, Mon Sep 11 2023 2:36pm
            I would have also assumed that not set = false. Is the 'define' sub yours or a PHP thing?
            • It's a PHP thing. If you define the symbol, you can use it - Puckdropper, Tue Sep 12 2023 3:08am
              elsewhere in your code. Kinda like a global, but not really a global. (And globals aren't. You have to explicitly tell your subroutine to use the global variable.) You'd think, and even a function checking for existence would tell you it didn't exist, but nothing really seemed to work. Perhaps...
              • because == wasn't equal enough. I think I found why it was evaluating to true if it wasn't defined in one of the comments in the PHP Manual: Be aware that if "Notice"-level error reporting is turned off, then trying to use a constant as a variable...
                • I think PHP has === too......... - Puckdropper, Fri Sep 15 2023 5:51am
                  What really got me about the comment was everything before the comma: Be aware that if "Notice"-level error reporting is turned off, WHAT! The program behaves differently if a certain type of error reporting is enabled? I'd have never even thought about that as a possibility. The car pulls to...
                  • I didn't even catch that! - Erik_, Sat Sep 16 2023 10:17am
                    That's crazy. It's like they took Perl's "use strict" and "use warnings" and combined them under just warnings for some reason.
        • That sounds like a good idea - Erik_, Tue Sep 05 2023 5:54pm
          My worry would be either some crawling bot or random person queuing up a bunch of parallel requests to the footer.php file directly and tanking the whole site. I wonder if it would tank NE and UCL as well? Probably, right? Are they all just sub dirs?
          • There are script limits to help prevent mistakes - Puckdropper, Sun Sep 10 2023 2:04am
            from doing that. Imagine, you're on a shared server and you can take down other sites by a simple infinite loop. You can't access the includes directories now. I wonder if I should just upload a blank index page, too. That seems a little less server dependent. I'm running the same code on the...
            • Ah, makes sense. My host has them too. - Erik_, Mon Sep 11 2023 2:14pm
              Koyeb is way more strict than Heroku (probably free vs paid thing though). On the NE DiscApp Stats page, before I made a fix, I could cause the server to reboot on any export due to the memory spike it would cause. So, while it would protect everyone else on that shared server, if someone was to constantly...
"Forces act when not restrained" - Puckdropper
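
Added example, not code from anyone in the thread: the constant-based guard discussed above, written once as a loose check and once as a strict one, to show why an undefined constant could pass. GUARD_FLAG is a hypothetical name standing in for the thread's SETTINGS_STATUS; the version behaviour in the comments is PHP's documented handling of undefined constants.

```php
<?php
// Added illustration, not code from the thread. GUARD_FLAG is a hypothetical
// constant standing in for the thread's SETTINGS_STATUS.

// Loose check: reads the constant without first asking whether it exists.
function loose_guard(): string
{
    try {
        // PHP < 8.0: an undefined bare constant is replaced by the string
        // "GUARD_FLAG", which is truthy, so the guard passes. Only a
        // notice/warning is raised, and it is invisible if reporting is off.
        // PHP >= 8.0: this line throws Error instead.
        return GUARD_FLAG == true ? 'allowed' : 'blocked';
    } catch (Error $e) {
        return 'blocked (Error: ' . $e->getMessage() . ')';
    }
}

// Strict check: defined() takes the name as a string, so it never triggers
// the fallback, and === rejects any value other than boolean true.
function strict_guard(): string
{
    return (defined('GUARD_FLAG') && GUARD_FLAG === true) ? 'allowed' : 'blocked';
}

// Direct request to the include file: nothing has defined the constant yet.
echo 'undefined, loose:  ', loose_guard(), PHP_EOL;
echo 'undefined, strict: ', strict_guard(), PHP_EOL;

// Normal request: the entry page defines the constant before including.
define('GUARD_FLAG', true);
echo 'defined, strict:   ', strict_guard(), PHP_EOL;
```

Placed at the top of an include-only file, the strict check followed by `exit` stops a direct request before any further `include` runs.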