Puckdropper
The footer is loading the footer for the whole website
Tue Sep 05, 2023 4:41pm

It's not supposed to be opened alone.

Here's the offending line:
include "../includes/footer.php";

So when the footer is loaded in the correct place, it drops past /blog/ into / and gets the footer for the website. When loaded in includes/ it bounces down to /blog/ and back up to /blog/includes.

I wonder if I should add a check for that, and making sure that the appropriate settings file has been loaded first. It might be a good case for die(). if (!isloaded("settings file")) { die("Here be dragons.") }

  • Looks good now! Unfortunately, I found something else... - Erik_, Fri Sep 01 2023 12:57am
    Two things actually. Not sure if you wanted directory listing on /blog/includes/ but it's available. The other one is the includes/footer.php gets stuck in an infinite loop and taxes the server hardcore if you open it directly in the browser or via curl (You can bypass the '406' response with curl... more
    • The footer is loading the footer for the whole website- Puckdropper, Tue Sep 05 2023 4:41pm
      • Well that's done... - Puckdropper, Sun Sep 10 2023 1:20am
        I had to: define("SETTINGS_STATUS", "Good.", true) instead of define("SETTINGS_STATUS", true, true); because PHP interpreted SETTINGS_STATUS to be true even if it was never set. Some thing about it not being null or something, I guess.
        • Oh wow, that's a odd quirk to have. - Erik_, Mon Sep 11 2023 2:36pm
          I would have also assumed that not set = false. Is the 'define' sub yours or a PHP thing?
          • It's a PHP thing. If you define the symbol, you can use it - Puckdropper, Tue Sep 12 2023 3:08am
            elsewhere in your code. Kinda like a global, but not really a global. (And globals aren't. You have to explicitly tell your subroutine to use the global variable.) You'd think, and even a function checking for existence would tell you it didn't exist, but nothing really seemed to work. Perhaps... more
            • Ah, extra truthiness. Like how JavaScript had to add === - Erik_, Tue Sep 12 2023 5:24pm
              because == wasn't equal enough. I think I found why it was evaluating to true if it wasn't defined in one of the comments in the PHP Manual: https://www.php.net/manual/en/function.define.php Be aware that if "Notice"-level error reporting is turned off, then trying to use a constant as a variable... more
              • I think PHP has === too......... - Puckdropper, Fri Sep 15 2023 5:51am
                What really got me about the comment was everything before the comma: Be aware that if "Notice"-level error reporting is turned off, WHAT! The program behaves differently if a certain type of error reporting is enabled? I'd have never even thought about that as a possibility. The car pulls to... more
                • I didn't even catch that! - Erik_, Sat Sep 16 2023 10:17am
                  That's crazy. It's like they took Perl's "use strict" and "use warnings" and combined them under just warnings for some reason.
      • They sounds like a good idea - Erik_, Tue Sep 05 2023 5:54pm
        My worry would be either sone crawling bot or random person queuing up a bunch of parallel requests to the footer.php file directly and tanking the whole site. I wonder if it would tank NE and UCL as well? Probably, right? Are they all just sub dirs?
        • There are script limits to help prevent mistakes - Puckdropper, Sun Sep 10 2023 2:04am
          from doing that. Imagine, you're on a shared server and you can take down other sites by a simple infinite loop. You can't access the includes directories now. I wonder if I should just upload a blank index page, too. That seems a little less server dependent. I'm running the same code on the... more
          • Ah, makes sense. My host has them too. - Erik_, Mon Sep 11 2023 2:14pm
            Koyeb is way more strict than Heroku (probably free vs paid thing though). On the NE DiscApp Stats page, before I made a fix, I could cause the server to reboot on any export due to the memory spike it would cause. So, while it would protect everyone else on that shared server, if someone was to constantly... more
"Forces act when not restrained" - Puckdropper